bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-13 20:53 UTC
[Bug 1960] New: Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
Bug #: 1960
Summary: Running sshd in wrong SELinux context causes
segmentation fault when a user logs in
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: amd64
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: sven.vermeulen at siphos.be
Created attachment 2119
--> https://bugzilla.mindrot.org/attachment.cgi?id=2119
Suggested one-line patch to fix this issue
On a SELinux-enabled Linux system (but running in permissive mode), if
the SSH daemon runs in the wrong context (for instance kernel_t) a
logon of a user through SSH causes the session to terminate abruptly
due to a segmentation fault.
This is caused by not initializing the local variable "sc" in the
openbsd-compat/port-linux.c::ssh_selinux_getctxbyname() function. The
call to get_default_context() will result in the return code -1, but
"sc" is left untouched (and thus not a valid security_context_t
instance). Later in the function, "sc" is returned to the calling
function (which is ssh_selinux_setup_exec_context) which tries to free
the context through freecon(user_ctx).
This can be fixed by initializing sc to NULL to begin with (see line
59):
55 /* Return the default security context for the given username */
56 static security_context_t
57 ssh_selinux_getctxbyname(char *pwname)
58 {
59 security_context_t sc = NULL;
60 char *sename = NULL, *lvl = NULL;
61 int r;
Because it is initialized to NULL, it will remain NULL if the context
of SSH is wrong, in which case there will be no attempt to freecon() it
in ssh_selinux_setup_exec_context. If the context is correct, "sc"
will be updated to point to a proper security_context_t instance.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
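Added example, not part of the original report and not OpenSSH code: a self-contained C model of the failure path described above, with and without the NULL initialiser. The stub_* and model_* functions, the patched flag and the sample label are assumptions made for illustration; the pointer that an uninitialised "sc" would hold is modelled by a fixed sentinel so the example has defined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for whatever an uninitialised "sc" happens to hold. */
static char stack_garbage;
/* Constructed sample label standing in for a context the library allocated. */
static char valid_ctx[] = "user_u:user_r:user_t";
static int invalid_frees;

/* Stub for get_default_context(): on failure it returns -1 and leaves *ctx untouched. */
static int stub_get_default_context(bool daemon_ctx_ok, char **ctx)
{
    if (!daemon_ctx_ok)
        return -1;
    *ctx = valid_ctx;
    return 0;
}

/* Stub for freecon(): counts frees of a pointer the library never handed out. */
static void stub_freecon(char *ctx)
{
    if (ctx != valid_ctx)
        invalid_frees++;
}

/* Model of ssh_selinux_getctxbyname(); "patched" selects the NULL initialiser. */
static char *model_getctxbyname(bool patched, bool daemon_ctx_ok)
{
    char *sc = patched ? NULL : &stack_garbage;
    if (stub_get_default_context(daemon_ctx_ok, &sc) != 0 && patched)
        sc = NULL; /* also reset on failure, as comment #1 describes */
    return sc;
}

/* Model of the caller: frees the context only when it is non-NULL. */
static int model_setup_exec_context(bool patched, bool daemon_ctx_ok)
{
    char *user_ctx = model_getctxbyname(patched, daemon_ctx_ok);
    invalid_frees = 0;
    if (user_ctx != NULL)
        stub_freecon(user_ctx);
    return invalid_frees;
}

int main(void)
{
    /* Wrong daemon context: unpatched frees garbage once, patched never does. */
    return !(model_setup_exec_context(false, false) == 1 &&
             model_setup_exec_context(true, false) == 0);
}
```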
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:32 UTC
[Bug 1960] Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
--- Comment #1 from Damien Miller <djm at mindrot.org> 2012-02-24 11:32:25 EST ---
Created attachment 2134
--> https://bugzilla.mindrot.org/attachment.cgi?id=2134
selinux-getctxbyname-null.diff
set sc=NULL on failures too
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:32 UTC
[Bug 1960] Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
Damien Miller <djm at mindrot.org> changed:
What                   |Removed |Added
----------------------------------------------------------------------------
Attachment #2134 Flags |        |ok?(dtucker at zip.com.au)
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:33 UTC
[Bug 1960] Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |1930
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 05:09 UTC
[Bug 1960] Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
Darren Tucker <dtucker at zip.com.au> changed:
What                   |Removed |Added
----------------------------------------------------------------------------
Attachment #2134 Flags |        |ok+
bugzilla-daemon at bugzilla.mindrot.org
2012-Mar-08 23:25 UTC
[Bug 1960] Running sshd in wrong SELinux context causes segmentation fault when a user logs in
https://bugzilla.mindrot.org/show_bug.cgi?id=1960
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2012-03-09 10:25:44 EST ---
Patch applied - will be in the openssh-6.0 release due very soon.
Thanks!