* Proper use of get_default_context
@ 2011-12-11 16:51 Sven Vermeulen
From: Sven Vermeulen @ 2011-12-11 16:51 UTC (permalink / raw)
  To: selinux

Hi all,

I'm trying to debug a (less important) case of SSHd segfaulting when the
user is running in permissive mode but has a wrongly labeled system,
resulting in the sshd binary running in the kernel_t context. It looks like
this causes a double-free (or something similar) [1] in the code and I'm
trying to figure out how to best deal with this.

[1] https://bugs.gentoo.org/show_bug.cgi?id=377203

From the looks of it, I think it boils down to get_default_context which
returns -1 (as expected) but either leaves the security_context_t as-is or
makes it NULL.

  int get_default_context(const char *user,
                          security_context_t fromcon, security_context_t * newcon)
  {
          security_context_t *conary;
          int rc;

          rc = get_ordered_context_list(user, fromcon, &conary);
          if (rc <= 0)
                  return -1;

          *newcon = strdup(conary[0]);
          freeconary(conary);
          if (!(*newcon))
                  return -1;
          return 0;
  }

Am I correct to state that, if the newcon variable was not set to a valid
security_context_t before, then I can just set newcon to NULL?

Like in OpenSSH's ssh_selinux_getctxbyname:

  static security_context_t ssh_selinux_getctxbyname(char *pwname) {
    security_context_t sc;
    ...
    r = get_default_context(pwname, NULL, &sc);

    return(sc);
  }

I think the above might be updated with:

  if (r != -1)
    return(sc);
  else
    return(NULL);

Otherwise a later call tries to freecon(sc) which then fails (in case of
OpenSSH, that's in ssh_selinux_setup_exec_context()).

Am I making sense here?

Wkr,
	Sven Vermeulen

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Proper use of get_default_context
@ 2011-12-12 14:35 ` Stephen Smalley
From: Stephen Smalley @ 2011-12-12 14:35 UTC (permalink / raw)
  To: Sven Vermeulen; +Cc: selinux

On Sun, 2011-12-11 at 17:51 +0100, Sven Vermeulen wrote:
> Hi all,
> 
> I'm trying to debug a (less important) case of SSHd segfaulting when the
> user is running in permissive mode but has a wrongly labeled system,
> resulting in the sshd binary running in the kernel_t context. It looks like
> this causes a double-free (or something similar) [1] in the code and I'm
> trying to figure out how to best deal with this.
> 
> [1] https://bugs.gentoo.org/show_bug.cgi?id=377203
> 
> From the looks of it, I think it boils down to get_default_context which
> returns -1 (as expected) but either leaves the security_context_t as-is or
> makes it NULL.
> 
>   int get_default_context(const char *user,
>                           security_context_t fromcon, security_context_t * newcon)
>   {
>           security_context_t *conary;
>           int rc;
> 
>           rc = get_ordered_context_list(user, fromcon, &conary);
>           if (rc <= 0)
>                   return -1;
> 
>           *newcon = strdup(conary[0]);
>           freeconary(conary);
>           if (!(*newcon))
>                   return -1;
>           return 0;
>   }
> 
> Am I correct to state that, if the newcon variable was not set to a valid
> security_context_t before, then I can just set newcon to NULL?
> 
> Like in OpenSSH's ssh_selinux_getctxbyname:
> 
>   static security_context_t ssh_selinux_getctxbyname(char *pwname) {
>     security_context_t sc;
>     ...
>     r = get_default_context(pwname, NULL, &sc);
> 
>     return(sc);
>   }
> 
> I think the above might be updated with:
> 
>   if (r != -1)
>     return(sc);
>   else
>     return(NULL);
> 
> Otherwise a later call tries to freecon(sc) which then fails (in case of
> OpenSSH, that's in ssh_selinux_setup_exec_context()).
> 
> Am I making sense here?

That would work, or you could initialize sc to NULL before calling
get_default_context(), and then unconditionally return sc.  

-- 
Stephen Smalley
National Security Agency



