Bug 359531 - corrupting file context database
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 7
Hardware: x86_64 Linux
Priority: low Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-10-30 22:41 EDT by Hynek Černoch
Modified: 2008-01-21 10:42 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-01-21 10:42:29 EST


Description Hynek Černoch 2007-10-30 22:41:53 EDT
The file context database became corrupted after a mistaken semanage fcontext..
command containing a \n character. Afterwards it is not possible to execute any
semanage fcontext.. command, neither to delete it nor to list it.

policycoreutils-2.0.16-11.fc7

Steps to Reproduce:
  semanage fcontext -a -t samba_share_t       '/samba
  semanage fcontext -a -t public_content_rw_t '/samba/www
(Some ending apostrophes were forgotten when two commands were pasted from an
editor to the command line.)

It is also possible to corrupt the users* database by "semanage user.." and
probably others.

Please forbid the passing of line feeds in parameters of the libsemanage library
that manipulate autogenerated data files (file_contexts, file_contexts.local).

How can I repair the binary policy, which still contains bad strings?
Comment 1 Daniel Walsh 2007-10-31 06:42:51 EDT
You can remove the lines by editing

vi /etc/selinux/targeted/modules/active/file_contexts.local
semodule -B


Should fix the problem.  I will look into preventing \n in input.
Comment 2 Daniel Walsh 2007-10-31 07:28:19 EDT
policycoreutils-2.0.16-14.fc7
Comment 3 Hynek Černoch 2007-10-31 08:47:52 EDT
1) You wrote: "You can remove the lines by editing.."
It was also necessary to edit
/etc/selinux/targeted/modules/active/file_contexts.local

2)
Yes. In usernames, interfaces, transitions etc. _except filenames_ it should
definitely be prevented.
It may be better for libsemodule to transparently escape \n as \\n in filenames,
to keep the possibility to create context patterns for all filenames the kernel
can handle. It is not good to give more possibilities to hackers than to
administrators.

- I have an idea for a new security feature by selinux: -
It would be useful for the additional security of many applications, especially
httpd scripts and email clients, if selinux had the capability to optionally
forbid the creation of filenames with \n.

Please keep the possibility to write some experimental file contexts and modules,
e.g.:
  semodule fcontext -a -t insecure_name_t '.*
    .*'
libsemodule => file_contexts:
.*\n.*      system_u:object_r:insecure_name_t:s0

newmodule => something.te
...
   disallow ... insecure_name_t:file create;
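
Added example (not part of the bug report and not code from policycoreutils or libsemanage): a Python sketch of the input check requested in the description, together with a scan that locates the broken lines Comment 1 says to remove by hand. The function names, the sample file content and the choice to reject every control character rather than only \n are assumptions made for illustration.

```python
import re

# Constructed sample of file_contexts.local after the mis-quoted command from the
# report: the embedded newline splits one record across two physical lines.
SAMPLE = (
    "# constructed sample, not a real system file\n"
    "/srv/ftp(/.*)?    system_u:object_r:public_content_t:s0\n"
    "/samba\n"
    "  semanage fcontext -a -t public_content_rw_t /samba/www"
    "    system_u:object_r:samba_share_t:s0\n"
)

FILE_TYPES = {"--", "-b", "-c", "-d", "-p", "-l", "-s"}
# user:role:type with an optional MLS range, or the literal <<none>>
CONTEXT_RE = re.compile(r"^(<<none>>|[\w.-]+:[\w.-]+:[\w.-]+(:\S+)?)$")


def check_spec(spec):
    """Pre-write check: refuse a file spec that cannot fit on one record line."""
    bad = [c for c in spec if ord(c) < 0x20 or ord(c) == 0x7F]
    if bad:
        raise ValueError("control character %r in file spec" % bad[0])
    return spec


def find_bad_lines(text):
    """Return [(lineno, line)] for lines that are not 'regex [type] context'."""
    bad = []
    for lineno, line in enumerate(text.split("\n"), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        ok = (
            len(fields) in (2, 3)
            and CONTEXT_RE.match(fields[-1]) is not None
            and (len(fields) == 2 or fields[1] in FILE_TYPES)
        )
        if not ok:
            bad.append((lineno, line))
    return bad


if __name__ == "__main__":
    for lineno, line in find_bad_lines(SAMPLE):
        print("line %d is malformed: %r" % (lineno, line))
```

The lines reported by find_bad_lines are the ones to delete from file_contexts.local before running semodule -B as described in Comment 1.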
