Bug 632914 - ssh(1) dies on SIGSEGV when SELinux policy is not installed
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssh
Version: 14
Hardware: x86_64 Linux
Priority: low
Severity: medium
Assigned To: Jan F. Chadima
QA Contact: Fedora Extras Quality Assurance
Whiteboard: SELinux
Reported: 2010-09-11 17:21 EDT by Kamil Dudka
Modified: 2010-09-14 03:32 EDT
Fixed In Version: openssh-5.5p1-20.fc14
Doc Type: Bug Fix
Last Closed: 2010-09-14 01:07:54 EDT
Attachments: None
Description Kamil Dudka 2010-09-11 17:21:43 EDT
Version-Release number of selected component (if applicable):
openssh-clients-5.5p1-18.fc14.x86_64


How reproducible:
100%


Steps to Reproduce:
$ mock -v -r fedora-14-x86_64 --init
$ mock -v -r fedora-14-x86_64 --install openssh-clients
# chroot /var/lib/mock/fedora-14-x86_64/root
# ssh localhost

Actual results:
Segmentation fault (core dumped)


Additional info:
# gdb -q --args ssh localhost

(gdb) break matchpathcon
Breakpoint 1 at 0x90a0

(gdb) run
Breakpoint 1, matchpathcon (name=0x7fffffffcea0 "/root/.ssh", mode=448, con=0x7fffffffc7b8) at matchpathcon.c:316
316     {

(gdb) finish
Run till exit from #0  matchpathcon (name=0x7fffffffcea0 "/root/.ssh", mode=448, con=0x7fffffffc7b8) at matchpathcon.c:316
main (ac=<value optimized out>, av=<value optimized out>) at ssh.c:829
829                     setfscreatecon(scon);
Value returned is $1 = -1

(gdb) list
824                 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
825             if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
826                     char *scon;
827
828                     matchpathcon(buf, 0700, &scon);
829                     setfscreatecon(scon);
830                     if (mkdir(buf, 0700) < 0)
831                             error("Could not create directory '%.200s'.", buf);
832                     setfscreatecon(NULL);
833             }

(gdb) print scon
$2 = 0x500000001 <Address 0x500000001 out of bounds>

(gdb) next
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5896982 in __strlen_sse2 () from /lib64/libc.so.6

(gdb) bt
#0  0x00007ffff5896982 in __strlen_sse2 () from /lib64/libc.so.6
#1  0x00007ffff5896696 in strdup () from /lib64/libc.so.6
#2  0x00007ffff796dd28 in selinux_trans_to_raw_context (trans=0x500000001 <Address 0x500000001 out of bounds>, rawp=0x7fffffffc6a8) at setrans_client.c:259
#3  0x00007ffff796c4a0 in setprocattrcon (context=<value optimized out>, attr=0x7ffff7970996 "fscreate", pid=0) at procattr.c:135
#4  0x00007ffff7fa8731 in main (ac=<value optimized out>, av=<value optimized out>) at ssh.c:829
Comment 1 Jan F. Chadima 2010-09-13 04:41:47 EDT
Temporarily repaired in Rawhide's openssh-5.6p1-4. Can you test it, please?
Comment 2 Kamil Dudka 2010-09-13 05:03:56 EDT
Works for me.  Thanks!
Comment 3 Jan F. Chadima 2010-09-13 06:05:00 EDT
can you test openssh-5.6p1-5 also?
Comment 4 Kamil Dudka 2010-09-13 06:15:39 EDT
still working...
Comment 5 Jan F. Chadima 2010-09-13 06:23:51 EDT
Thanks, do you want it as an update for F14?
Comment 6 Kamil Dudka 2010-09-13 06:39:10 EDT
It'd certainly be appreciated, as the bug weakens curl's test suite:

http://kojipkgs.fedoraproject.org/packages/curl/7.21.0/5.fc14/data/logs/x86_64/build.log

... but if the update were a problem, we could add a BuildRequires on selinux-policy-targeted as a workaround, as we already did for the Rawhide curl.
Comment 7 Jan F. Chadima 2010-09-13 07:55:22 EDT
be my guest,
and test!
Comment 8 Kamil Dudka 2010-09-13 08:23:39 EDT
There seems to be a typo in openssh.spec:

diff --git a/openssh.spec b/openssh.spec
index 8eca6ab..dcd4280 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -326,7 +326,7 @@ CFLAGS="$CFLAGS -fpic"
 %endif
 export CFLAGS
 SAVE_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -pie z relro -z now"; export LDFLAGS
+LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
 %endif
 %if %{kerberos5}
 if test -r /etc/profile.d/krb5-devel.sh ; then
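Review bot: The `-LDFLAGS`/`+LDFLAGS` pair is the right fix: without the `-z` in front of `relro`, gcc treats `z` and `relro` as input files rather than as the `-z relro` linker option, so the RELRO hardening was not being requested as intended. After the rebuild it is worth confirming on the installed binaries that both options actually took effect, e.g. `readelf -l /usr/bin/ssh | grep GNU_RELRO` and `readelf -d /usr/bin/ssh | grep BIND_NOW`.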
Comment 9 Fedora Update System 2010-09-13 09:10:50 EDT
openssh-5.5p1-20.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openssh-5.5p1-20.fc14
Comment 10 Fedora Update System 2010-09-14 01:07:50 EDT
openssh-5.5p1-20.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Jan F. Chadima 2010-09-14 03:02:11 EDT
(In reply to comment #8)
> There seems to be a typo in openssh.spec:
> 
> diff --git a/openssh.spec b/openssh.spec
> index 8eca6ab..dcd4280 100644
> --- a/openssh.spec
> +++ b/openssh.spec
> @@ -326,7 +326,7 @@ CFLAGS="$CFLAGS -fpic"
>  %endif
>  export CFLAGS
>  SAVE_LDFLAGS="$LDFLAGS"
> -LDFLAGS="$LDFLAGS -pie z relro -z now"; export LDFLAGS
> +LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
>  %endif
>  %if %{kerberos5}
>  if test -r /etc/profile.d/krb5-devel.sh ; then

This is the repair of the typo.
Comment 12 Kamil Dudka 2010-09-14 03:32:45 EDT
I did a scratch build of curl-7.21.0-5.fc14 against openssh-5.5p1-20.fc14 from stable and SCP/SFTP tests ran successfully on both i686 and x86_64:

http://koji.fedoraproject.org/koji/taskinfo?taskID=2466279
