Bug 610088 - segfault when selinux prevents reading of /usr/share/cups/mime/mime.types
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: cups
Version: 13
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-07-01 10:36 EDT by nvwarr
Modified: 2011-01-24 11:26 EST (History)
Fixed In Version: cups-1.4.4-10.fc12
Doc Type: Bug Fix
Last Closed: 2011-01-24 11:26:14 EST

External Trackers
Tracker ID Priority Status Summary Last Updated
CUPS Bugs and Features 3690 None None None Never
Description nvwarr 2010-07-01 10:36:59 EDT
Description of problem:

Segmentation fault on printing when selinux was enabled and preventing access to /usr/share/cups/mime/mime.types

Version-Release number of selected component (if applicable): cups-1.4.3-6.fc1

How reproducible: always with enforcing selinux, never with permissive selinux


Steps to Reproduce:
1. start cups
2. print anything
3. segfault
  
Actual results: segfault


Expected results: either the document should be printed, or if selinux makes it impossible to do so a coherent message should be generated, not a segfault.


Additional info:
The fault occurs in vsnprintf, which is called from scheduler/log.c:1024. At this point, log_line is sensible, log_linesize is sensible and message is sensible, but it turned out that ap was not. This function was called from scheduler/log.c:223, which in turn was called from scheduler/ipp.c:10374. I found that the parameters filetype->super and filetype->type had the values 0x8 and 0x18 respectively, which is nonsense as they should be the addresses of strings which are to be written into the log message.

These strings are obtained from the call to mimeType in the line above. It seems that the mime database is corrupt. On further investigation, I found that turning selinux into permissive mode caused cups to start working and then (and not with selinux in enforcing mode) I got the log message:
SELinux is preventing /usr/sbin/cupsd "read" access on /usr/share/cups/mime/mime.types

So what I think is happening is that cupsFileOpen is trying to open the file and failing, so it returns NULL to the calling function at scheduler/mime.c:691, which silently returns without any return value as it is a void function. So cups completely fails to inform the user that it was unable to read mime.types and, it would seem, also fails to initialise the mime database in any sensible way.

Turning on debugging didn't help at all with this problem as no useful debugging message is given.

I'm still not quite sure why the database was corrupt.

Anyway, the problem is for me solved by turning off selinux which was also breaking other things. So I'll go with Theodore Tso's opinion that "life is too short for SELinux". However, you should probably consider better error trapping. Whatever selinux does, cups shouldn't segfault!
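
The error-handling pattern the report describes, as an added C sketch (not CUPS source and not part of the original report): a void loader that swallows a failed open, beside a loader that reports the failure and a lookup whose NULL result the caller can test. All names are hypothetical, the file format is simplified, and a constructed nonexistent path stands in for the SELinux read denial.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; these are not the CUPS structures. */
typedef struct { char super[16], type[64]; } demo_type_t;
typedef struct { demo_type_t types[8]; int num_types; } demo_db_t;

/* Simplified parser: takes "super/type" from each line, skips comments. */
void parse_types(demo_db_t *db, FILE *fp) {
  char line[128];
  while (db->num_types < 8 && fgets(line, sizeof line, fp)) {
    demo_type_t *t = &db->types[db->num_types];
    if (sscanf(line, "%15[^/ \t#]/%63s", t->super, t->type) == 2) db->num_types++;
  }
}

/* "Before": void loader. A denied open leaves the database empty, silently. */
void load_types_silent(demo_db_t *db, const char *path) {
  FILE *fp = fopen(path, "r");
  if (!fp) return;                 /* the caller never learns this happened */
  parse_types(db, fp); fclose(fp);
}

/* "After": the failure is turned into a message and a return code. */
int load_types_checked(demo_db_t *db, const char *path, char *err, size_t errlen) {
  FILE *fp = fopen(path, "r");
  if (!fp) {
    snprintf(err, errlen, "Unable to open \"%s\": %s", path, strerror(errno));
    return -1;
  }
  parse_types(db, fp); fclose(fp);
  return 0;
}

/* Lookup returns NULL for an unknown type; callers must check before logging. */
const demo_type_t *find_type(const demo_db_t *db, const char *super, const char *type) {
  for (int i = 0; i < db->num_types; i++)
    if (!strcmp(db->types[i].super, super) && !strcmp(db->types[i].type, type))
      return &db->types[i];
  return NULL;
}

int main(void) {
  demo_db_t a = {0}, b = {0};
  char err[160] = "";
  const char *path = "/nonexistent/demo.types";  /* constructed: open always fails */
  load_types_silent(&a, path);                   /* nothing signals the failure */
  int rc = load_types_checked(&b, path, err, sizeof err);
  printf("silent: %d types loaded; checked: rc=%d (%s)\n", a.num_types, rc, err);
  return 0;
}
```
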
Comment 1 Fedora Update System 2010-11-11 07:33:05 EST
cups-1.4.4-11.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/cups-1.4.4-11.fc14
Comment 2 Fedora Update System 2010-11-11 07:34:20 EST
cups-1.4.4-11.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/cups-1.4.4-11.fc13
Comment 3 Fedora Update System 2010-11-16 18:22:20 EST
cups-1.4.4-11.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2010-11-22 17:19:31 EST
cups-1.4.4-11.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.