Description of problem: By example: If a printer instance 'NuclearLauchOrders_printer' is created with the 'Secret' classification, no-one below this clearance should be able to see it or check it's name/device Curently, this is possible. A user in the SystemLow-<something> clearance can see printers with 'Secret' or higher classification. Version-Release number of selected component (if applicable): cups-1.2.4-11.5.el5 How reproducible: always Steps to Reproduce: 1. chcon -l SystemHigh /dev/lp0 2. lpadmin -p SystemHighPrinter -E -v /dev/lp0 -m postscript.ppd.gz 3. log in as user_r/SystemLow-<something> 4. lpstat -t Actual results: user can check printers name Expected results: User can't see printer instance name, device, if it's enabled or not etc Additional info:
Another interesting (yet frightening) bit: I have a SystemHigh Printer installed as 'TestPrinter'. As a SysLow-SysHigh user, I try to print a file which cups naturally denies: -bash-3.1$ lpr -P FilePrinter Audit_ok.ps lpr: SELinux prohibits access to the printer After that, I try to query the printer with lpq: -bash-3.1$ lpq FilePrinter FilePrinter is ready And this is what happens (this is cupsd running from whithin a gdb session): (gdb) Starting program: /usr/sbin/cupsd -f [Thread debugging using libthread_db enabled] [New Thread 4160650000 (LWP 16442)] cupsd_enqueue_: denied { write } for scontext=testuser_u:user_r:user_lpr_t:s0-s15:c0.c1023 tcontext=abat_u:object_r:printer_device_t:s15:c0.c1023 tclass=file Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 4160650000 (LWP 16442)] 0x079e6fc4 in strcasecmp () from /lib/libc.so.6 (gdb) #0 0x079e6fc4 in strcasecmp () from /lib/libc.so.6 #1 0x0802ab3c in ?? () from /usr/sbin/cupsd #2 0x08032dec in ?? () from /usr/sbin/cupsd #3 0x08016cc4 in ?? () from /usr/sbin/cupsd #4 0x080237ac in ?? () from /usr/sbin/cupsd #5 0x0797dc0c in generic_start_main () from /lib/libc.so.6 #6 0x0797de34 in __libc_start_main () from /lib/libc.so.6 #7 0x00000000 in ?? () (gdb) Is there separate debugging symbols packages somewhere?
There isn't anything secret about the printer name. Printing to files isn't supported, but cupsd should never crash. I see you FileDevice printer is SystemHigh and your user is SystemLow-SystemHigh. Do you know what is going on when cups SIGSEGVs? Can you supply the last dozen or so lines of error_log with LogLevel set to debug2.
Klaus: please install the cups-debuginfo package corresponding to the same version and release as the cups package (cups-debuginfo-1.2.4-11.5.el5). Changing bug summary in response to comment #2.
(In reply to comment #2) > There isn't anything secret about the printer name. According to Klaus W., "It's a violation of the MLS data flow rules", but it can be addressed by stating in the EGC that no sensible information should be used as printer names. I don't like changing things this late in the game either > Printing to files isn't supported, but cupsd should never crash. I see you > FileDevice printer is SystemHigh and your user is SystemLow-SystemHigh. Do you > know what is going on when cups SIGSEGVs? Can you supply the last dozen or so > lines of error_log with LogLevel set to debug2. The odd thing about this is that: * it only occurs after a successful printing * it only occurs after I try to get info via 'lpq something'. No errors seen when issuing 'lpq -P printer' (which is actually the correct syntax for querying a specific printer: -bash-3.1$ lpr -P FilePrinter Audit_ok.ps lpr: SELinux prohibits access to the printer -bash-3.1$ lpq -P FilePrinter FilePrinter is ready no entries -bash-3.1$ lpq something FilePrinter is ready lpq: Unknown -bash-3.1$ The log you requested: I [09/Mar/2007:05:29:56 -0600] cupsdAcceptClient: peer's pid=17289, uid=504, gid=504, auid=504 I [09/Mar/2007:05:29:56 -0600] cupsdAcceptClient: client context=testuser_u:user_r:user_lpr_t:SystemLow-SystemHigh D [09/Mar/2007:05:29:56 -0600] cupsdAcceptClient: 6 from localhost (Domain) D [09/Mar/2007:05:29:56 -0600] cupsdReadClient: 6 POST / HTTP/1.1 D [09/Mar/2007:05:29:56 -0600] cupsdAuthorize: No authentication data provided. D [09/Mar/2007:05:29:56 -0600] CUPS-Get-Printers D [09/Mar/2007:05:29:56 -0600] cupsdProcessIPPRequest: 6 status_code=0 (successful-ok) D [09/Mar/2007:05:29:56 -0600] cupsdReadClient: 6 POST / HTTP/1.1 D [09/Mar/2007:05:29:56 -0600] cupsdAuthorize: No authentication data provided. D [09/Mar/2007:05:29:56 -0600] CUPS-Get-Classes D [09/Mar/2007:05:29:56 -0600] cupsdProcessIPPRequest: 6 status_code=0 (successful-ok) D [09/Mar/2007:05:29:56 -0600] cupsdReadClient: 6 POST / HTTP/1.1 D [09/Mar/2007:05:29:56 -0600] cupsdAuthorize: No authentication data provided. D [09/Mar/2007:05:29:56 -0600] CUPS-Get-Default D [09/Mar/2007:05:29:56 -0600] CUPS-Get-Default client-error-not-found: No default printer D [09/Mar/2007:05:29:56 -0600] cupsdProcessIPPRequest: 6 status_code=406 (client-error-not-found) D [09/Mar/2007:05:29:56 -0600] cupsdReadClient: 6 POST / HTTP/1.1 D [09/Mar/2007:05:29:56 -0600] cupsdAuthorize: No authentication data provided. D [09/Mar/2007:05:29:56 -0600] Get-Printer-Attributes ipp://localhost/printers/FilePrinter D [09/Mar/2007:05:29:56 -0600] cupsdProcessIPPRequest: 6 status_code=0 (successful-ok) D [09/Mar/2007:05:29:56 -0600] cupsdReadClient: 6 POST / HTTP/1.1 D [09/Mar/2007:05:29:56 -0600] cupsdAuthorize: No authentication data provided. D [09/Mar/2007:05:29:56 -0600] Get-Jobs ipp://localhost/printers/FilePrinter D [09/Mar/2007:05:29:56 -0600] get_jobs: client context testuser_u:user_r:user_lpr_t:SystemLow-SystemHigh
(In reply to comment #3) > Klaus: please install the cups-debuginfo package corresponding to the same > version and release as the cups package (cups-debuginfo-1.2.4-11.5.el5). Couldn't find this package anywhere... > Changing bug summary in response to comment #2. >
(In reply to comment #5) > Couldn't find this package anywhere... What architecture are you using? comment #1 seems to indicate that it is a 32-bit platform, so perhaps it is x86?
(In reply to comment #6) > (In reply to comment #5) > > Couldn't find this package anywhere... > > What architecture are you using? comment #1 seems to indicate that it is a > 32-bit platform, so perhaps it is x86? This specific box is a ppc64 LPAR, but I can set-up a x86_64 in 20mins if needed.
Klaus, here is the ppc64 package: http://cyberelk.net/tim/tmp/cups-debuginfo-1.2.4-11.5.el5.ppc64.rpm
Klaus, please run with the referenced package and post results.
Sorry about my lack of gdb knowledge, but can anyone point me to how to use the debuginfo packages? I was trying something like this: run_init gdb -d /usr/src/debug/cups-1.2.4 --symbols=/usr/lib/debug/usr/sbin/cupsd.debug cupsd
I'm not sure if this is possible in enforcing mode, but what I would try is to run_init /etc/init.d/cups restart then use `ps ax | grep [c]upsd` to get the pid, then you can start gdb like above and use "attach <pid>" to attach it to the running cupsd. Once you've done that repeat your test and gdb should give you some backtrace information about what went wrong where.
Just start gdb like: gdb /usr/sbin/cupsd <pid> where $pid is the PID from 'ps ax'. It automatically finds the debuginfo stuff; nothing you have to do.
[root/abat_r/SystemLow@zaphod ~]# gdb /usr/sbin/cupsd GNU gdb Red Hat Linux (6.5-16.el5rh) Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "ppc64-redhat-linux-gnu"... warning: the debug information found in "/usr/lib/debug//usr/sbin/cupsd.debug" does not match "/usr/sbin/cupsd" (CRC mismatch). (no debugging symbols found) Using host libthread_db library "/lib64/libthread_db.so.1". (gdb) attach 27924 Attaching to program: /usr/sbin/cupsd, process 27924 warning: process 27924 is a cloned process ../../gdb/linux-nat.c:1069: internal-error: linux_nat_attach: Assertion `pid == GET_PID (inferior_ptid) && WIFSTOPPED (status)' failed. A problem internal to GDB has been detected, further debugging may prove unreliable. Quit this debugging session? (y or n) n ../../gdb/linux-nat.c:1069: internal-error: linux_nat_attach: Assertion `pid == GET_PID (inferior_ptid) && WIFSTOPPED (status)' failed. A problem internal to GDB has been detected, further debugging may prove unreliable. Create a core file of GDB? (y or n) y (gdb)
Using another method, I could check that the error is in fact with a strcasecmp: (gdb) Continuing. cupsd_enqueue_: denied { write } for scontext=testuser_u:user_r:user_lpr_t:s0-s15:c0.c1023 tcontext=abat_u:object_r:printer_device_t:s15:c0.c1023 tclass=file Program received signal SIGSEGV, Segmentation fault. 0x079e6fc4 in *__GI___strcasecmp (s1=0xfc4803ec "FilePrinter", s2=0x0) at strcasecmp.c:65 65 strcasecmp.c: No such file or directory. in strcasecmp.c (gdb) #0 0x079e6fc4 in *__GI___strcasecmp (s1=0xfc4803ec "FilePrinter", s2=0x0) at strcasecmp.c:65 #1 0x0802ab3c in ?? () from /usr/sbin/cupsd #2 0x08032dec in ?? () from /usr/sbin/cupsd #3 0x08016cc4 in ?? () from /usr/sbin/cupsd #4 0x080237ac in ?? () from /usr/sbin/cupsd #5 0x0797dc0c in generic_start_main (main=0x8023030, argc=2, ubp_av=0xfc48fb54, auxvec=0xfc48fbb8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=<value optimized out>) at ../csu/libc-start.c:231 #6 0x0797de34 in __libc_start_main (argc=2, ubp_av=0xfc48fb54, ubp_ev=<value optimized out>, auxvec=0xfc48fbb8, rtld_fini=0xf7fbeb40 <_dl_fini>, stinfo=0x8070538, stack_on_entry=0xfc48fb40) at ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:127 #7 0x00000000 in ?? ()
This: warning: the debug information found in "/usr/lib/debug//usr/sbin/cupsd.debug" does not match "/usr/sbin/cupsd" (CRC mismatch). is preventing us from seeing a useful stack trace. What does this say?: rpm -q cups cups-debuginfo
[root/abat_r/SystemLow@zaphod misc_test]# rpm -q cups cups-debuginfo cups-1.2.4-11.5.el5 cups-debuginfo-1.2.4-11.5.el5 [root/abat_r/SystemLow@zaphod misc_test]# file `which cupsd` /usr/sbin/cupsd: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1 (SYSV), for GNU/Linux 2.6.9, stripped [root/abat_r/SystemLow@zaphod misc_test]# file /usr/lib/debug/usr/sbin/cupsd.debug /usr/lib/debug/usr/sbin/cupsd.debug: ELF 64-bit MSB shared object, cisco 7500, version 1 (SYSV), not stripped [root/abat_r/SystemLow@zaphod misc_test]#
Ah, I see. :-) Please uninstall the cups-debuginfo package you have (rpm -e cups-debuginfo) and install this one instead: http://cyberelk.net/tim/tmp/cups-debuginfo-1.2.4-11.5.el5.ppc.rpm Sorry for the mix-up.
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 4160650000 (LWP 27991)] 0x079e6fc4 in *__GI___strcasecmp (s1=0xf83903ec "FilePrinter", s2=0x0) at strcasecmp.c:65 65 strcasecmp.c: No such file or directory. in strcasecmp.c (gdb) #0 0x079e6fc4 in *__GI___strcasecmp (s1=0xf83903ec "FilePrinter", s2=0x0) at strcasecmp.c:65 #1 0x0802ab3c in get_jobs (con=0x80b1e50, uri=<value optimized out>) at ipp.c:5862 #2 0x08032dec in cupsdProcessIPPRequest (con=0x80b1e50) at ipp.c:494 #3 0x28004484 in ?? () #4 0x08016cc4 in cupsdReadClient (con=0x80b1e50) at client.c:2020 #5 0x44004488 in ?? () #6 0x080237ac in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:938 #7 0x22000422 in ?? () #8 0x0797dc0c in generic_start_main (main=0x8023030 <main>, argc=2, ubp_av=0xf839fb54, auxvec=0xf839fbb8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=<value optimized out>) at ../csu/libc-start.c:231 #9 0x0797de34 in __libc_start_main (argc=2, ubp_av=0xf839fb54, ubp_ev=<value optimized out>, auxvec=0xf839fbb8, rtld_fini=0xf7fbeb40 <_dl_fini>, stinfo=0x8070538, stack_on_entry=0xf839fb40) at ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:127 #10 0x00000000 in ?? () (gdb) #1 0x0802ab3c in get_jobs (con=0x80b1e50, uri=<value optimized out>) at ipp.c:5862 5862 ipp.c: No such file or directory. in ipp.c (gdb) $1 = (cupsd_client_t *) 0x80b1e50 (gdb) $2 = <value optimized out> (gdb) --- "scheduler/ipp.c" line 5862 of 9717 --- if (username[0] && strcasecmp(username, job->username)) ------------------ job->username = NULL here
Okay, problem understood. Thanks for your help in tracking it down. Reported upstream as STR #2288 with patch.
During testing a related problem has arisen. mra: what did you intend to occur in this code snippet if context_range_get() returns NULL?: clirange = strdup(context_range_get(clicon)); if ((cliclearance = strtok(clirange, "-")) != NULL) { if (context_range_set(tmpcon, cliclearance) == -1) { cupsdSendError(con, HTTP_SERVER_ERROR); free(clirange); context_free(tmpcon); context_free(clicon); return (cupsdCloseClient(con)); } } else { if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) { cupsdSendError(con, HTTP_SERVER_ERROR); free(clirange); context_free(tmpcon); context_free(clicon); return (cupsdCloseClient(con)); } } free(clirange); Should the context_set_range() call be skipped, or should we fail altogether?
The point of this code is to remove the upper portion of a range, so that the files created are all at the lower bound of the range. If the range string is blank then there is no need to strip off the upper bound and the call to context_set_range() can safely be skipped.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-1020.html