Bug 329641 - Possible to crash with SELinux relabeling support
Status: CLOSED UPSTREAM
Product: Fedora
Component: util-linux-ng
Version: rawhide
Hardware/OS: All Linux
Priority/Severity: low / low
Assigned To: Karel Zak
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-10-12 11:52 EDT by KaiGai Kohei
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-10-22 05:01:13 EDT

Attachments
The patch fixes the reported matter using matchpathcon() (939 bytes, patch)
2007-10-12 11:52 EDT, KaiGai Kohei

Description KaiGai Kohei 2007-10-12 11:52:09 EDT
Description of problem:

I found a theoretical crash in the mkswap command with SELinux relabeling support.
See the following section. It is a part of util-linux-ng-2.13/disk-utils/mkswap.c.
----------------
#ifdef HAVE_LIBSELINUX
    if (S_ISREG(statbuf.st_mode) && is_selinux_enabled()) {
        security_context_t context_string;
        security_context_t oldcontext;
        context_t newcontext;

        if ((fgetfilecon(DEV, &oldcontext) < 0) &&      <-- ATTENTION!
            (errno != ENODATA)) {
            fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
                    program_name, device_name,
                    strerror(errno));
            exit(1);
        }
        if (!(newcontext = context_new(oldcontext)))
            die(_("unable to create new selinux context"));
        if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
            die(_("couldn't compute selinux context"));

        context_string = context_str(newcontext);

        if (strcmp(context_string, oldcontext)!=0) {
            if (fsetfilecon(DEV, context_string)) {
                fprintf(stderr, _("%s: unable to relabel %s to %s: %s\n"),
                        program_name, device_name,
                        context_string,
                        strerror(errno));
                exit(1);
            }
        }
        context_free(newcontext);
        freecon(oldcontext);
    }
#endif
----------------
When fgetfilecon() fails with -ENODATA, this process does not exit.
However, "oldcontext" is not initialized in this case,
so context_new() will be called next with the uninitialized "oldcontext".

Finally, it causes a segmentation fault, because context_new() has to refer to an
incorrect memory region.

Version-Release number of selected component (if applicable):
- util-linux-ng-2.13-2.fc8.src.rpm

The attached patch fixes this matter using matchpathcon().
If we cannot obtain the actual file context due to -ENODATA, the context
returned by matchpathcon() is applied as oldcontext.
Then, the type of the context is relabeled to "swapfile_t" explicitly.
Comment 1 KaiGai Kohei 2007-10-12 11:52:09 EDT
Created attachment 225681
The patch fixes the reported matter using matchpathcon()
Comment 2 Karel Zak 2007-10-22 05:01:13 EDT
This bugfix will be included in the next stable update (to v2.13.1). Thanks.