Selinux #3
Closed
Selinux #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* gl/modules/selinux-at: New module. Check for libselinux and set LIB_SELINUX here, unconditionally, rather than depending on the configure-time --enable-selinux option. * gl/modules/selinux-h: New module. * bootstrap.conf (gnulib_modules): Add selinux-at. * gl/lib/selinux-at.c, gl/lib/selinux-at.h: New files. * gl/lib/se-selinux_.h: New file. * gl/lib/se-context_.h: New file. * gl/m4/selinux-selinux-h.m4: New file. * gl/m4/selinux-context-h.m4: New file. * src/Makefile.am (bin_PROGRAMS): Add chcon. (chcon_LDADD): Define. * README: Add chcon to the list of programs. * src/chcon.c: Rewrite the original (Red Hat) chcon to use fts.
* man/Makefile.am: Build chcon.1.
I started with the patches from Red Hat. The entries below tell how the code evolved. * src/ls.c (print_long_format, print_file_name_and_frills): When there is no security context (due to getfilecon/lgetfilecon failing with e.g. ENOTSUP), print it as "?", not "". * src/ls.c (print_file_name_and_frills): Make -Z work without -l. (length_of_file_name_and_frills): Likewise. * src/ls.c: Remove the --lcontext and --scontext options. Change the way -Z, --context work so that it no longer implies -l. Thus, -Z -l will work like -lcontext and -Z without -l will work like --scontext. Adjust tests to reflect new 'ls -l' syntax -- affects only systems with SELinux when operating on a file with no ACL. These tests assumed that everything before the first space on each line is the 10-byte mode string. But there may also be a "+" in the 11th column, just before the space. However, note that this is not new. The same thing would have happened even without the change below, when listing a file with an ACL. * tests/chmod/equals, tests/cp/cp-parents, tests/cp/fail-perm: * tests/cp/link-preserve, tests/install/basic-1, tests/misc/mknod: * tests/mkdir/parents, tests/mkdir/special-1, tests/mv/partition-perm: Don't make compilation depend on USE_ACL. An SELinux security context counts as an "alternate access control method", so ls must output a "+" for each file with a security context. * src/ls.c [struct fileinfo] (have_acl): Declare unconditionally. (FILE_HAS_ACL): Remove macro definition. Use f->have_acl directly. (gobble_file): Record whether a file has a security context, and update the condition used to determine whether to print the "+". (gobble_file): Call getfilecon/lgetfilecon also when format == long_format, so that we get the "+". * src/ls.c (gobble_file): Add a comment explaining why (with a security context option) ls doesn't exit nonzero due to e.g., getfilecon failing with errno == ENOTSUP. * src/ls.c (gobble_file): Ignore failure of getfilecon if it's due to ENOTSUP. * src/ls.c (gobble_file): Factor out three small blocks using getfilecon and lgetfilecon. Don't ignore return value from getfilecon and lgetfilecon. * src/ls.c (print_long_format): Don't use ?: (empty 2nd arg with C ternary operator). (print_scontext_format): Likewise. (print_scontext): Declare to be "bool", not int. Adjust uses. * src/Makefile.am (dir_LDADD, ls_LDADD, vdir_LDADD): Add $(LIB_SELINUX). * tests/misc/chcon: New file. * tests/misc/chcon-fail: New file. * tests/Makefile.am (check-root): Run new, root-only misc/chcon test. * tests/misc/Makefile.am (TESTS): Add chcon and chcon-fail. * tests/misc/Makefile.am (TESTS): Add selinux. * tests/misc/selinux: New file. * tests/help-version: Skip chcon.
* src/stat.c (follow_links): Make this variable file-global. (out_file_context): New function. (print_statfs): Honor %C. (print_stat): Honor %C. (do_stat): Remove follow_links parameter. (usage): Document the two %C directives. (main): Accept -Z (though it's a no-op). * src/Makefile.am (stat_LDADD): Define.
* src/id.c (main): Apply patches from Fedora, with these changes: Remove #ifdef WITH_SELINUX. Use error (EXIT_FAILURE, not fprintf+exit(1). * src/Makefile.am (id_LDADD): Define, so as to add $(LIB_SELINUX).
Upon failed getfilecon, accept not just ENOTSUP, but also ENODATA.
temporarily removed the offending c99'ism.
of the tested tools, not just ls.
patch, mv and cp do not provide the "-Z context" option. * src/copy.c: Include <selinux/selinux.h>. (restore_default_fscreatecon): New function. (copy_reg): Make cp --preserve=context work for existing destination. (copy_internal): Likewise for new destinations. * src/copy.h (cp_options) [preserve_security_context]: New member. * src/cp.c: Include <selinux/selinux.h>. (selinux_enabled): New global. (usage): Mention new --preserve=context option. (PRESERVE_CONTEXT): Define/use. (decode_preserve_arg): Handle PRESERVE_CONTEXT. (main): Remove an obsolete comment. If --preserve=context is specified on a system without SELinux enabled, give a diagnostic and fail. * src/mv.c: Include <selinux/selinux.h>. Set x->preserve_security_context if SELinux is enabled. * src/install.c: Accept new "-Z, --context=C" option. Accept --preserve-context option (but not -P option). Accept alternate spelling: --preserve_context, for now. Include <selinux/selinux.h> and "quotearg.h". (selinux_enabled, use_default_selinux_context): New globals. (PRESERVE_CONTEXT_OPTION): Define. (cp_option_init): Default: do not preserve security context. (setdefaultfilecon): New function. (main): Honor new options. * src/Makefile.am (mv_LDADD, cp_LDADD, ginstall_LDADD): Add $(LIB_SELINUX).
* tests/cp/Makefile.am (TESTS): Add cp-a-selinux. * tests/selinux: New file. * tests/Makefile.am (EXTRA_DIST): Add selinux. * tests/misc/selinux: Source the new script, rather than open coding it. Change how "cp -a" and "cp --preserve=context" work with SELinux. Now, cp -a attempts to preserve context, but failure to do so does not change cp's exit status. However "cp --preserve=context" is similar, but failure *does* cause cp to exit with nonzero status. * src/copy.h (struct cp_options) [require_preserve_context]: New member. * src/copy.c (copy_reg, copy_internal): Implement the above. * src/mv.c (cp_option_init): Initialize the new member. * src/install.c (cp_option_init): Likewise. * src/cp.c (cp_option_init): Likewise. (decode_preserve_arg): Set it or reset it. FIXME: add an on-writable-NFS-only test
* src/mkdir.c: Include <selinux/selinux.h>. (main): Honor it. * src/Makefile.am (mkdir_LDADD): Use $(LIB_SELINUX).
* src/mkfifo.c, src/mknod.c: Include <selinux/selinux.h>. (main): Honor it. * src/Makefile.am (mkfifo_LDADD, mknod_LDADD): Use $(LIB_SELINUX).
* src/Makefile.am (bin_PROGRAMS): Add runcon. (runcon_LDADD): Define. * README: Add runcon to the list of programs. * AUTHORS: Add this: runcon: Russell Coker * tests/help-version: Add runcon as an exception. * man/Makefile.am (dist_man_MANS): Add runcon.1. (runcon.1): New dependency. * po/POTFILES.in: Add src/runcon.c.
* tests/Makefile.am (t9): New target, to run tests/cp/cp-a-selinux. (all_t): Add t9. Use a directory on a loopback device mounted with -o context=... * tests/cp/cp-a-selinux: Since this test now runs mount and umount, it is a root-only one.
Ulrich Drepper in <http://bugzilla.redhat.com/232652>. * tests/misc/runcon-no-reorder: New file. Test for the above. * tests/misc/Makefile.am (TESTS): Add runcon-no-reorder.
pixelb
added a commit
to pixelb/coreutils
that referenced
this pull request
Oct 31, 2016
This was detected in about 25% of runs with gcc -fsanitize=address
ERROR: AddressSanitizer: global-buffer-overflow on address ...
READ of size 4 at 0x000000416628 thread T0
#0 0x40479f in genpattern src/shred.c:782
coreutils#1 0x4050d9 in do_wipefd src/shred.c:921
coreutils#2 0x406203 in wipefile src/shred.c:1175
coreutils#3 0x406b84 in main src/shred.c:1316
coreutils#4 0x7f3454a1ef9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
coreutils#5 0x4025d8 (/tmp/coreutils-8.23/src/shred+0x4025d8)
0x000000416628 is located 56 bytes to the left of
global variable '*.LC49' from 'src/shred.c' (0x416660) of size 17
0x000000416628 is located 12 bytes to the right of
global variable 'patterns' from 'src/shred.c' (0x416540) of size 220
SUMMARY: AddressSanitizer: global-buffer-overflow src/shred.c:782
* src/shred.c (gen_patterns): Restrict pattern selection
to the K available, which regressed due to v5.92-1462-g65533e1.
* tests/misc/shred-passes.sh: Add a deterministic test case.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/20998
hubot
pushed a commit
that referenced
this pull request
Nov 29, 2016
ASAN reported this error for: split -n2/3 /dev/null ERROR: AddressSanitizer: negative-size-param: (size=-1) #0 0x7f0d4c36951d in __asan_memmove (/lib64/libasan.so.2+0x8d51d) #1 0x404e06 in memmove /usr/include/bits/string3.h:59 #2 0x404e06 in bytes_chunk_extract src/split.c:988 #3 0x404e06 in main src/split.c:1626 Specifically there would be invalid memory access and subsequent processing if the chunk to be extracted was beyond the initial amount read from file (which is currently capped at 128KiB). This issue is not in a released version, only being introduced in commit v8.25-4-g62e7af0 * src/split.c (bytes_chunk_extract): The initial_read != SIZE_MAX should have been combined with && rather than ||, but also this condition is always true in this function so remove entirely. * tests/split/b-chunk.sh: Add a test case. Fixes http://bugs.gnu.org/25003
hubot
pushed a commit
that referenced
this pull request
Nov 29, 2016
This was detected with:
echo a > a; pr "-S$(printf "\t\t\t")" a -m a > /dev/null
Resulting in ASAN triggering:
====================================================
ERROR: AddressSanitizer: global-buffer-overflow
READ of size 1 at 0x00000041b622 thread T0
#0 0x40506a in print_sep_string ../src/pr.c:2241
#1 0x407ec4 in read_line ../src/pr.c:2493
#2 0x40985c in print_page ../src/pr.c:1802
#3 0x40985c in print_files ../src/pr.c:1618
#4 0x4036e0 in main ../src/pr.c:1136
* src/pr.c (init_parameters): Ensure we only override the
specified separator when it's a single tab, thus matching
the calculated separator length.
* tests/pr/pr-tests.pl: Add a test case.
* NEWS: Mention the fix.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.