bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-27 12:09 UTC
[Bug 1851] New: ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851
Summary: ssh_selinux_setfscreatecon segfaults if SELinux
support is compiled in but is disabled at run-time
Product: Portable OpenSSH
Version: 5.7p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cjwatson at debian.org
Created attachment 1984
--> https://bugzilla.mindrot.org/attachment.cgi?id=1984
more error checks in ssh_selinux_setfscreatecon
The Debian/Ubuntu OpenSSH packages are compiled with SELinux support,
but SELinux isn't necessarily available at run-time. If it's
unavailable, then ssh_selinux_setfscreatecon may crash because it does
not either (a) check ssh_selinux_enabled or (b) check the return value
of matchpathcon. I suspect it should do both, although I'm not sure
whether any error message is necessary if matchpathcon fails - does
this just mean that the configuration doesn't specify any particular
context? (I'm not an SELinux expert.)
Patch attached which at least clears up the crash.
(BTW, the indentation in ssh_selinux_setfscreatecon is non-standard.)
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-27 23:26 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |1845
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-01-28 10:26:17
EST ---
Patch applied - thanks.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-04 11:39 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851
Leonardo Chiquitto <leonardo at ngdn.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |leonardo at ngdn.org
--- Comment #2 from Leonardo Chiquitto <leonardo at ngdn.org> 2011-02-04
22:39:40 EST ---
This patch* was misapplied and causes a syntax error when building
5.8p1 with SELinux enabled.
* http://hg.mindrot.org/openssh/rev/8611ccf82385
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-04 11:40 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851 --- Comment #3 from Leonardo Chiquitto <leonardo at ngdn.org> 2011-02-04 22:40:41 EST --- Created attachment 1991 --> https://bugzilla.mindrot.org/attachment.cgi?id=1991 openssh-5.8p1-syntex-error.diff -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-06 02:25 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-06 02:25 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851 --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2011-02-06 13:25:34 EST --- Applied, thanks. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 05:32 UTC
[Bug 1851] ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time
https://bugzilla.mindrot.org/show_bug.cgi?id=1851
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> 2011-09-06 15:32:49
EST ---
close resolved bugs now that openssh-5.9 has been released
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 1850] New: Build fails when SELinux is enabled
- [patch] the memory which is allocated by matchpathcon should be freed after it is useless
- [v1 PATCH 1/1] Free memory
- Announce: OpenSSH 5.8 released
- [v1 PATCH 0/1] Review request for a memory leak fix for openssh