Red Hat Bugzilla – Bug 456051
kernel: fix array out of bounds when mounting with selinux options [rhel-4.8]
Last modified: 2009-05-18 15:16:48 EDT
Description of problem:
Given an illegal selinux option it was possible for match_token to work in
random memory at the end of the match_table_t array.
Note that privilege is required to perform a context mount, so this issue is
effectively limited to root only.
Proposed upstream patch:
Created attachment 312235 [details]
Upstream patch for this issue
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Updating PM score.
Committed in 78.8.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.