$ rpm -qf /lib/libselinux.so.1
libselinux-2.0.24-2.fc8
$ sudo su -
Segmentation fault
$ sudo strace -f su -
....
open("/selinux/class/passwd/perms/crontab", O_RDONLY) = 4
read(4, "5", 19) = 1
close(4) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
$ sudo gdb su
(gdb) run -
Starting program: /bin/su -
..
Program received signal SIGSEGV, Segmentation fault.
string_to_security_class (s=0x2aaaabca42c6 "passwd") at stringrep.c:264
264 node->perms[value-1] = strdup(dentry->d_name);
(gdb) bt
#0 string_to_security_class (s=0x2aaaabca42c6 "passwd") at stringrep.c:264
#1 0x00002aaaabc99ba0 in *selinux_check_passwd_access_internal (requested=8) at checkAccess.c:20
#2 0x00002aaaaba4c6ca in pam_sm_authenticate () from /lib64/security/pam_rootok.so
What is the SELinux context of the logged-in user (the output of id -Z)? I am not able to reproduce this here.
kernel version?
And the architecture? Also, in gdb, print value and *dentry.
$ id -Z
system_u:system_r:unconfined_t:s0
$ uname -a
Linux slash 2.6.23-0.35.rc0.git6.fc8 #1 SMP Thu Jul 19 17:21:21 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
Program received signal SIGSEGV, Segmentation fault.
string_to_security_class (s=0x2aaaafb122c6 "passwd") at stringrep.c:264
264 node->perms[value-1] = strdup(dentry->d_name);
(gdb) list
259 goto err4;
260
261 if (sscanf(buf, "%u", (unsigned int *)&value) != 1)
262 goto err4;
263
264 node->perms[value-1] = strdup(dentry->d_name);
265 if (node->perms[value-1] == NULL)
266 goto err4;
267
268 dentry = readdir(dir);
(gdb) info locals
value = 140733193388037
m = {st_dev = 14, st_ino = 67109859, st_nlink = 1, st_mode = 33060, st_uid = 0, st_gid = 0, pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 4096, st_blocks = 0, st_atim = { tv_sec = 1185205760, tv_nsec = 847574726}, st_mtim = {tv_sec = 1185205760, tv_nsec = 847574726}, st_ctim = {tv_sec = 1185205760, tv_nsec = 847574726}, __unused = {0, 0, 0}}
node = (struct discover_class_node *) 0x6108a0
(gdb) up
#1 0x00002aaaafb07ba0 in *selinux_check_passwd_access_internal (requested=8) at checkAccess.c:20
20 passwd_class = string_to_security_class("passwd");
(gdb) list
15 if (getprevcon_raw(&user_context) == 0) {
16 security_class_t passwd_class;
17 struct av_decision avd;
18 int retval;
19
20 passwd_class = string_to_security_class("passwd");
21 if (passwd_class == 0)
22 return 0;
23
24 retval = security_compute_av_raw(user_context,
(gdb) info locals
passwd_class = <value optimized out>
avd = {allowed = 0, decided = 0, auditallow = 0, auditdeny = 0, seqno = 1}
retval = <value optimized out>
status = <value optimized out>
user_context = <value optimized out>
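Created attachment 159785 [details] fix bug in string_to_security_class
Note on the crash data in this report: gdb shows value = 140733193388037, which is 0x7FFF00000005. The low 32 bits are the 5 that strace shows being read from the perms file, while the high 32 bits are not something a "%u" conversion stores. This is consistent with sscanf writing only 32 bits through the (unsigned int *) cast at stringrep.c:261 into a wider variable whose upper half was presumably left uninitialized, so node->perms[value-1] at line 264 indexes far outside the array on x86_64. The listing also shows no range check on value between the sscanf and the array write.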
Fixed in libselinux-2.0.24-3