* libsemanage direct_api can return errors < 0.
@ 2009-06-08 19:07 Daniel J Walsh
2009-07-07 19:47 ` Joshua Brindle
0 siblings, 1 reply; 3+ messages in thread
From: Daniel J Walsh @ 2009-06-08 19:07 UTC (permalink / raw)
To: SELinux
[-- Attachment #1: Type: text/plain, Size: 0 bytes --]
[-- Attachment #2: libsemanage-directapi.patch --]
[-- Type: text/plain, Size: 1177 bytes --]
--- nsalibsemanage/src/direct_api.c 2009-01-13 08:45:35.000000000 -0500
+++ libsemanage-2.0.31/src/direct_api.c 2009-06-02 14:54:20.000000000 -0400
@@ -991,7 +991,7 @@
int retval = -1;
char *data = NULL;
- size_t data_len = 0;
+ ssize_t data_len = 0;
int compressed = 0;
int in_fd = -1;
@@ -999,7 +999,7 @@
return -1;
}
- if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
+ if ((data_len = map_file(in_fd, &data, &compressed)) <= 0) {
goto cleanup;
}
@@ -1117,7 +1117,7 @@
{
int retval = -1;
char *data = NULL;
- size_t data_len = 0;
+ ssize_t data_len = 0;
int compressed = 0;
int in_fd = -1;
@@ -1125,7 +1125,7 @@
return -1;
}
- if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
+ if ((data_len = map_file(in_fd, &data, &compressed)) <= 0) {
goto cleanup;
}
@@ -1187,7 +1187,7 @@
{
int retval = -1;
char *data = NULL;
- size_t data_len = 0;
+ ssize_t data_len = 0;
int compressed = 0;
int in_fd;
@@ -1195,7 +1195,7 @@
return -1;
}
- if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
+ if ((data_len = map_file(in_fd, &data, &compressed)) <= 0) {
goto cleanup;
}
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: libsemanage direct_api can return errors < 0.
2009-06-08 19:07 libsemanage direct_api can return errors < 0 Daniel J Walsh
@ 2009-07-07 19:47 ` Joshua Brindle
2009-07-07 20:50 ` Possible OpenSSH exploit Tracy Reed
0 siblings, 1 reply; 3+ messages in thread
From: Joshua Brindle @ 2009-07-07 19:47 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SELinux
Daniel J Walsh wrote:
Merged.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Possible OpenSSH exploit
2009-07-07 19:47 ` Joshua Brindle
@ 2009-07-07 20:50 ` Tracy Reed
0 siblings, 0 replies; 3+ messages in thread
From: Tracy Reed @ 2009-07-07 20:50 UTC (permalink / raw)
To: SELinux; +Cc: Daniel J Walsh
[-- Attachment #1: Type: text/plain, Size: 567 bytes --]
So far just rumors but this looks potentially scary:
http://seclists.org/fulldisclosure/2009/Jul/0028.html
http://isc.sans.org/diary.html?storyid=6742
One of my biggest reasons for using SE Linux for so long has been the
hopeful mitigation of such exploits. If this is real and SE Linux
mitigates it this could be serious validation for the whole SE Linux
philosophy. If somehow we still get owned while running the latest SE
Linux confined ssh I will be very disappointed.
Hopefully it's just a false alarm.
--
Tracy Reed
http://tracyreed.org
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-07-07 20:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-06-08 19:07 libsemanage direct_api can return errors < 0 Daniel J Walsh
2009-07-07 19:47 ` Joshua Brindle
2009-07-07 20:50 ` Possible OpenSSH exploit Tracy Reed
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.