Red Hat Bugzilla – Bug 359531
corrupting file context database
Last modified: 2008-01-21 10:42:29 EST
File context database became corrupted after an mistaken semanage fcontext..
command containing \n character. Afterwards it is not possible to execute any
semanage fcontext.. command, neither to delete it nor to list.
Steps to Reproduce:
semanage fcontext -a -t samba_share_t '/samba
semanage fcontext -a -t public_content_rw_t '/samba/www
(Some ending apostrophes forgotten, when two commands were pasted from editor to
It is also possible to corrupt the users* database by "semanage user.." and
Please forbid the passing of line feed to parameters of libsemanage library
manipulating autogenerated data files (file_contexts file_contexts.local)
How can I repair the binary policy, which still contains bad strings?
You can remove the lines by editing
Should fix the problem. I will look into preventing \n in input.
1) you wrote: "You can remove the lines by editing.."
It was necessary to edit also
Yes. In usernames, interfaces, transitions etc _except filenames_ should
definitely be prevented.
It may be better to transparently escape \n by \\n by libsemodule in filenames
to keep the possibility to create context patterns for all filenames the kernel
can handle. It is not good to pass more possibilities to hackers than to
- I have an idea for a new security feature by selinux: -
It would be useful for additional security of many applications, especially
httpd scripts and email clients the capability of selinux to optionally forbid
creating of filenames with \n.
Please keep the possibility to write some experimental filecontext and modules:
semodule fcontext -a -t insecure_name_t '.*
libsemodule => file_contexts:
newmodule => something.te
disallow ... insecure_name_t:file create;