Bug 632914 - ssh(1) dies on SIGSEGV when SELinux policy is not installed
Summary: ssh(1) dies on SIGSEGV when SELinux policy is not installed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 14
Hardware: x86_64
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Jan F. Chadima
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-09-11 21:21 UTC by Kamil Dudka
Modified: 2010-09-14 07:32 UTC (History)

Fixed In Version: openssh-5.5p1-20.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-09-14 05:07:54 UTC
Type: ---
Embargoed:



Description Kamil Dudka 2010-09-11 21:21:43 UTC
Version-Release number of selected component (if applicable):
openssh-clients-5.5p1-18.fc14.x86_64


How reproducible:
100%


Steps to Reproduce:
$ mock -v -r fedora-14-x86_64 --init
$ mock -v -r fedora-14-x86_64 --install openssh-clients
# chroot /var/lib/mock/fedora-14-x86_64/root
# ssh localhost

  
Actual results:
Segmentation fault (core dumped)


Additional info:
# gdb -q --args ssh localhost

(gdb) break matchpathcon
Breakpoint 1 at 0x90a0

(gdb) run
Breakpoint 1, matchpathcon (name=0x7fffffffcea0 "/root/.ssh", mode=448, con=0x7fffffffc7b8) at matchpathcon.c:316
316     {

(gdb) finish
Run till exit from #0  matchpathcon (name=0x7fffffffcea0 "/root/.ssh", mode=448, con=0x7fffffffc7b8) at matchpathcon.c:316
main (ac=<value optimized out>, av=<value optimized out>) at ssh.c:829
829                     setfscreatecon(scon);
Value returned is $1 = -1

(gdb) list
824                 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
825             if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
826                     char *scon;
827
828                     matchpathcon(buf, 0700, &scon);
829                     setfscreatecon(scon);
830                     if (mkdir(buf, 0700) < 0)
831                             error("Could not create directory '%.200s'.", buf);
832                     setfscreatecon(NULL);
833             }

(gdb) print scon
$2 = 0x500000001 <Address 0x500000001 out of bounds>

(gdb) next
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5896982 in __strlen_sse2 () from /lib64/libc.so.6

(gdb) bt
#0  0x00007ffff5896982 in __strlen_sse2 () from /lib64/libc.so.6
#1  0x00007ffff5896696 in strdup () from /lib64/libc.so.6
#2  0x00007ffff796dd28 in selinux_trans_to_raw_context (trans=0x500000001 <Address 0x500000001 out of bounds>, rawp=0x7fffffffc6a8) at setrans_client.c:259
#3  0x00007ffff796c4a0 in setprocattrcon (context=<value optimized out>, attr=0x7ffff7970996 "fscreate", pid=0) at procattr.c:135
#4  0x00007ffff7fa8731 in main (ac=<value optimized out>, av=<value optimized out>) at ssh.c:829

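The crash path in the trace above (matchpathcon() returning -1 without writing scon, and setfscreatecon() then strdup()ing stack garbage) and the guard that prevents it, as an added example that is neither OpenSSH's own code nor the fix that shipped in openssh-5.5p1-20.fc14: lookup_context(), set_create_context() and make_dir_with_context() are hypothetical stand-ins for matchpathcon(), setfscreatecon() and the block at ssh.c:826-832, and the SELinux label string and the policy-loaded toggle are constructed so the program runs without libselinux or a loaded policy.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed switch standing in for "is an SELinux policy installed". */
static int g_policy_loaded = 0;

/* Hypothetical stand-in for libselinux's matchpathcon(): with no policy it
 * returns -1 and does NOT write *con, which is what left ssh's `char *scon;`
 * holding stack garbage (0x500000001) in the gdb session. */
static int lookup_context(const char *path, mode_t mode, char **con)
{
    (void)path; (void)mode;
    if (!g_policy_loaded)
        return -1;                       /* *con intentionally untouched */
    *con = strdup("unconfined_u:object_r:ssh_home_t:s0"); /* constructed label */
    return *con ? 0 : -1;
}

/* Stand-in for setfscreatecon(): the real one strdup()s its argument, so a
 * garbage pointer dies in strlen() exactly as the backtrace shows. Like the
 * real call, NULL resets the context. The value is recorded for inspection. */
static char *g_fscreate = NULL;

static int set_create_context(const char *con)
{
    free(g_fscreate);
    g_fscreate = con ? strdup(con) : NULL;
    return (con && !g_fscreate) ? -1 : 0;
}

/* Hardened form of the ssh.c:826-832 block: initialise the out-parameter,
 * use it only when the lookup succeeded, always reset and free afterwards.
 * Returns 0 on success, -1 if mkdir failed; *labelled reports whether a
 * context was applied (0 when no policy is loaded, the directory is still
 * created, just unlabelled). */
static int make_dir_with_context(const char *path, int *labelled)
{
    char *scon = NULL;                   /* fix 1: never leave it uninitialised */
    int rc;

    *labelled = 0;
    if (lookup_context(path, 0700, &scon) == 0 && scon != NULL) { /* fix 2 */
        set_create_context(scon);
        *labelled = 1;
    }
    rc = mkdir(path, 0700) < 0 ? -1 : 0;
    set_create_context(NULL);            /* reset, as ssh.c:832 does */
    free(scon);                          /* real code would call freecon() */
    return rc;
}

/* Drives both cases inside a scratch directory. Returns 0 when the no-policy
 * path creates the directory unlabelled and the policy path labels it. */
static int run_demo(void)
{
    char tmpl[] = "/tmp/sshctxdemo.XXXXXX";
    char path[256];
    int labelled, rc = 0;

    if (mkdtemp(tmpl) == NULL)
        return -1;

    snprintf(path, sizeof path, "%s/.ssh-nopolicy", tmpl);
    g_policy_loaded = 0;
    if (make_dir_with_context(path, &labelled) != 0 || labelled != 0)
        rc = -1;
    rmdir(path);

    snprintf(path, sizeof path, "%s/.ssh-policy", tmpl);
    g_policy_loaded = 1;
    if (make_dir_with_context(path, &labelled) != 0 || labelled != 1)
        rc = -1;
    rmdir(path);

    rmdir(tmpl);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    printf("%s\n", rc == 0 ? "ok: lookup failure handled without a crash" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

Build with `cc -o ctxdemo ctxdemo.c` and run it. The two changes that matter are initialising scon to NULL and testing the return value before using the out-parameter; the unguarded original trusts that matchpathcon() always fills scon, which only holds when a policy is installed.
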
Comment 1 Jan F. Chadima 2010-09-13 08:41:47 UTC
temporarily repaired in Rawhide's openssh-5.6p1-4, can you test it please?

Comment 2 Kamil Dudka 2010-09-13 09:03:56 UTC
Works for me.  Thanks!

Comment 3 Jan F. Chadima 2010-09-13 10:05:00 UTC
can you test openssh-5.6p1-5 also?

Comment 4 Kamil Dudka 2010-09-13 10:15:39 UTC
still working...

Comment 5 Jan F. Chadima 2010-09-13 10:23:51 UTC
thx, do you want it as an update of f14?

Comment 6 Kamil Dudka 2010-09-13 10:39:10 UTC
It'd be certainly appreciated as the bug weakens curl's test-suite:

http://kojipkgs.fedoraproject.org/packages/curl/7.21.0/5.fc14/data/logs/x86_64/build.log

... but if the update was a problem, we could add BuildRequire for selinux-policy-targeted as a workaround, as we already did in rawhide curl.

Comment 7 Jan F. Chadima 2010-09-13 11:55:22 UTC
be my guest,
and test!

Comment 8 Kamil Dudka 2010-09-13 12:23:39 UTC
There seems to be a typo in openssh.spec:

diff --git a/openssh.spec b/openssh.spec
index 8eca6ab..dcd4280 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -326,7 +326,7 @@ CFLAGS="$CFLAGS -fpic"
 %endif
 export CFLAGS
 SAVE_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -pie z relro -z now"; export LDFLAGS
+LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
 %endif
 %if %{kerberos5}
 if test -r /etc/profile.d/krb5-devel.sh ; then
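
Review bot: the `+` line is the right fix; as written on the `-` line, `z` and `relro` are passed to the linker as bare arguments rather than as `-z relro`, so the intended full-RELRO hardening (`-z relro -z now`, which makes the GOT read-only after startup relocation) was not being applied by that line. Worth confirming on the rebuilt binaries before the update is pushed, e.g. `readelf -l` should show a `GNU_RELRO` program header and `readelf -d` a `BIND_NOW` flag.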

Comment 9 Fedora Update System 2010-09-13 13:10:50 UTC
openssh-5.5p1-20.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openssh-5.5p1-20.fc14

Comment 10 Fedora Update System 2010-09-14 05:07:50 UTC
openssh-5.5p1-20.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Jan F. Chadima 2010-09-14 07:02:11 UTC
(In reply to comment #8)
> There seems to be a typo in openssh.spec:
> 
> diff --git a/openssh.spec b/openssh.spec
> index 8eca6ab..dcd4280 100644
> --- a/openssh.spec
> +++ b/openssh.spec
> @@ -326,7 +326,7 @@ CFLAGS="$CFLAGS -fpic"
>  %endif
>  export CFLAGS
>  SAVE_LDFLAGS="$LDFLAGS"
> -LDFLAGS="$LDFLAGS -pie z relro -z now"; export LDFLAGS
> +LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
>  %endif
>  %if %{kerberos5}
>  if test -r /etc/profile.d/krb5-devel.sh ; then

this is the repair of the typo

Comment 12 Kamil Dudka 2010-09-14 07:32:45 UTC
I did a scratch build of curl-7.21.0-5.fc14 against openssh-5.5p1-20.fc14 from stable and SCP/SFTP tests ran successfully on both i686 and x86_64:

http://koji.fedoraproject.org/koji/taskinfo?taskID=2466279
