From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id rBVJ2w8B031108 for ; Tue, 31 Dec 2013 14:02:58 -0500 Received: by mail-pd0-f180.google.com with SMTP id q10so12710463pdj.11 for ; Tue, 31 Dec 2013 11:02:56 -0800 (PST) Received: from [192.168.0.6] (ip24-253-3-239.lv.lv.cox.net. [24.253.3.239]) by mx.google.com with ESMTPSA id ic7sm90218661pbc.29.2013.12.31.11.02.54 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 31 Dec 2013 11:02:55 -0800 (PST) Message-ID: <52C314CB.4040306@networkcrypt.com> Date: Tue, 31 Dec 2013 11:02:35 -0800 From: Francis Cunnane MIME-Version: 1.0 To: selinux@tycho.nsa.gov Subject: Re: Bug in libselinux/src/setrans_client.c References: <52B84CDF.7020508@redhat.com> <52C235CA.2010607@mthode.org> <52C27333.3060801@networkcrypt.com> <52C31282.6080809@mthode.org> In-Reply-To: <52C31282.6080809@mthode.org> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050606010401000108000107" Reply-To: frankc@networkcrypt.com List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: This is a cryptographically signed message in MIME format. --------------ms050606010401000108000107 Content-Type: multipart/alternative; boundary="------------000206030500080709070700" This is a multi-part message in MIME format. --------------000206030500080709070700 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable tHERE IS ONE MARINE AT nsa, WHY DON'T YOU ASK HIM? On 12/31/2013 10:52 AM, Matthew Thode wrote: > On 12/31/2013 01:33 AM, Francis Cunnane wrote: >> What do you propose.... This is free software.... Don't be a Jew. >> >> On 12/30/2013 7:11 PM, Matthew Thode wrote: >>> On 12/30/2013 10:11 AM, Stephen Smalley wrote: >>>> Calling *setfilecon() with a NULL context is a bug in the caller, ju= st >>>> like calling strlen() with a NULL string. >>>> Fix the callers, please. >>>> >>>> On Wed, Dec 25, 2013 at 9:36 AM, Nicolas Iooss >>>> wrote: >>>>> 2013/12/23 Daniel J Walsh wrote: >>>>>> On 12/21/2013 09:27 AM, Nicolas Iooss wrote: >>>>>>> My first message was not so clear. The check in >>>>>>> libselinux/src/lsetfilecon.c line 35 [1] doesn't work because >>>>>>> selinux_trans_to_raw_context(context, &rcontext) returns 0 and se= ts >>>>>>> rcontext to NULL. This is why I'm asking to change the return >>>>>>> value to >>>>>>> something else if you want "cp -a" working. This fix is not to >>>>>>> introduce a >>>>>>> new feature but to fix an existing one. >>>>>>> >>>>>>> Nicolas >>>>>>> >>>>>> How about if we add a check on lsetfilecon_raw? Changing the >>>>>> behaviour on >>>>>> selinux_trans_to_raw_context might cause other problems. >>>>> I agree. I've found >>>>> http://selinuxproject.org/page/LibselinuxAPISummary which says >>>>> precisely for selinux_trans_to_raw_context: "If passed NULL, sets t= he >>>>> returned context to NULL and returns 0." As this feature is >>>>> documented, callers may rely on it and changing this behavior is >>>>> likely to break things. >>>>> >>>>> Moreover setfilecon_raw and fsetfilecon_raw have the same NULL-poin= ter >>>>> dereference issue. Do these functions need a patch too? >>>>> >>>>> By the way, other callers of selinux_trans_to_raw_context may also >>>>> share this bug: avc_context_to_sid, security_canonicalize_context, >>>>> security_check_context, etc. Is doing a segmentation fault the >>>>> expected way to tell the caller it used a NULL pointer and should h= ave >>>>> manually checked every parameter before calling any libselinux >>>>> function? >>>>> >>>>> Thanks and merry Christmas! >>>>> >>>>> Nicolas >>>>> >>>>>> diff --git a/libselinux/src/lsetfilecon.c >>>>>> b/libselinux/src/lsetfilecon.c >>>>>> index 461e3f7..af3775e 100644 >>>>>> - --- a/libselinux/src/lsetfilecon.c >>>>>> +++ b/libselinux/src/lsetfilecon.c >>>>>> @@ -9,6 +9,10 @@ >>>>>> >>>>>> int lsetfilecon_raw(const char *path, const security_context_t >>>>>> context) >>>>>> { >>>>>> + if (! context) { >>>>>> + errno=3DEINVAL; >>>>>> + return -1; >>>>>> + } >>>>>> return lsetxattr(path, XATTR_NAME_SELINUX, context, >>>>>> strlen(context) + 1 >>>>>> 0); >>>>>> } >>>>> _______________________________________________ >>>>> Selinux mailing list >>>>> Selinux@tycho.nsa.gov >>>>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >>>>> To get help, send an email containing "help" to >>>>> Selinux-request@tycho.nsa.gov. >>>> _______________________________________________ >>>> Selinux mailing list >>>> Selinux@tycho.nsa.gov >>>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >>>> To get help, send an email containing "help" to >>>> Selinux-request@tycho.nsa.gov. >>>> >>> I think I may have hit this bug as well. >>> >>> https://bugs.gentoo.org/show_bug.cgi?id=3D495274 >>> >>> >>> >>> _______________________________________________ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov >>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >>> To get help, send an email containing "help" to >>> Selinux-request@tycho.nsa.gov. >> >> >> >> _______________________________________________ >> Selinux mailing list >> Selinux@tycho.nsa.gov >> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >> To get help, send an email containing "help" to Selinux-request@tycho.= nsa.gov. >> > If I had any more info in the bug report then what was mentioned here, > it was meant to help. Also, on vacation, so won't be of much help this= > week :P > > > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to Selinux-request@tycho.n= sa.gov. --------------000206030500080709070700 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
tHERE IS ONE MARINE AT nsa, WHY DON'T YOU ASK HIM?

On 12/31/2013 10:52 AM, Matthew Thode wrote:
On 12/31/2013 01:33 AM, Francis Cunnane wrote:

What do you propose....  This is free software....=
 Don't be a Jew.

  On 12/30/2013 7:11 PM, Matthew Thode wrote:

On 12/30/2013 10:11 AM, Stephen Smalley wrote:

Calling *setfilecon() with a NULL context is a=
 bug in the caller, just
like calling strlen() with a NULL string.
Fix the callers, please.

On Wed, Dec 25, 2013 at 9:36 AM, Nicolas Iooss
=
<nicolas.iooss@m4x.org> wrote:

2013/12/23 Daniel J Walsh wrote:

On 12/21/2013 09:27 AM, Nicolas Iooss wrot=
e:

My first message was not so clear. The c=
heck in
libselinux/src/lsetfilecon.c line 35 [1] doesn't work because
selinux_trans_to_raw_context(context, &rcontext) returns 0 and sets
rcontext to NULL. This is why I'm asking to change the return
value to
something else if you want "cp -a" working. This fix is not to
introduce a
new feature but to fix an existing one.

Nicolas


How about if we add a check on lsetfilecon=
_raw?  Changing the
behaviour on
selinux_trans_to_raw_context might cause other problems.

I agree. I've found
http://selinuxproject.org/page/LibselinuxAPISummar=
y which says
precisely for selinux_trans_to_raw_context: "If passed NULL, sets the
returned context to NULL and returns 0." As this feature is
documented, callers may rely on it and changing this behavior is
likely to break things.

Moreover setfilecon_raw and fsetfilecon_raw have the same NULL-pointer
dereference issue. Do these functions need a patch too?

By the way, other callers of selinux_trans_to_raw_context may also
share this bug: avc_context_to_sid, security_canonicalize_context,
security_check_context, etc. Is doing a segmentation fault the
expected way to tell the caller it used a NULL pointer and should have
manually checked every parameter before calling any libselinux
function?

Thanks and merry Christmas!

Nicolas


diff --git a/libselinux/src/lsetfilecon.c
b/libselinux/src/lsetfilecon.c
index 461e3f7..af3775e 100644
- --- a/libselinux/src/lsetfilecon.c
+++ b/libselinux/src/lsetfilecon.c
@@ -9,6 +9,10 @@

  int lsetfilecon_raw(const char *path, const security_context_t
context)
  {
+       if (! context) {
+               errno=3DEINVAL;
+               return -1;
+       }
         return lsetxattr(path, XATTR_NAME_SELINUX, context,
strlen(context) + 1
                          0);
  }

____________________________________________=
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to
Selinux-request@tycho.nsa.gov.

______________________________________________=
_
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to
Selinux-request@tycho.nsa.gov.


I think I may have hit this bug as well.

https://bugs.gentoo.org/show_bug.cgi?id=3D495274



_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to
Selinux-request@tycho.nsa.gov.




_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-reques=
t@tycho.nsa.gov.


If I had any more info in the bug report then what w=
as mentioned here,
it was meant to help.  Also, on vacation, so won't be of much help this
week :P




_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-reques=
t@tycho.nsa.gov.

--------------000206030500080709070700-- --------------ms050606010401000108000107 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKUjCC BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoT FVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3Qu Y29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQg RW1haWwwHhcNMTEwNDI4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjCBkzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGlj YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAJKEhFtLV5jUXi+LpOFAyKNTWF9mZfEyTvefMn1V0HhMVbdClOD5J3EHxcZppLkyxPFA GpDMJ1Zifxe1cWmu5SAb5MtjXmDKokH2auGj/7jfH0htZUOMKi4rYzh337EXrMLaggLW1DJq 1GdvIBOPXDX65VSAr9hxCh03CgJQU2yVHakQFLSZlVkSMf8JotJM3FLb3uJAAVtIaN3FSrTg 7SQfOq9xXwfjrL8UO7AlcWg99A/WF1hGFYE8aIuLgw9teiFX5jSw2zJ+40rhpVJyZCaRTqWS D//gsWD9Gm9oUZljjRqLpcxCm5t9ImPTqaD8zp6Q30QZ9FxbNboW86eb/8ECAwEAAaOCAUsw ggFHMB8GA1UdIwQYMBaAFImCZ33EnSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBR6E04AdFvG eGNkJ8Ev4qBbvHnFezAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNV HSAECjAIMAYGBFUdIAAwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3Qu Y29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwdAYI KwYBBQUHAQEEaDBmMD0GCCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVRO QWRkVHJ1c3RDbGllbnRfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1 c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCF1r54V1VtM39EUv5C1QaoAQOAivsNsv1Kv/av QUn1G1rF0q0bc24+6SZ85kyYwTAo38v7QjyhJT4KddbQPTmGZtGhm7VNm2+vKGwdr+XqdFqo 2rHA8XV6L566k3nK/uKRHlZ0sviN0+BDchvtj/1gOSBH+4uvOmVIPJg9pSW/ve9g4EnlFsjr P0OD8ODuDcHTzTNfm9C9YGqzO/761Mk6PB/tm/+bSTO+Qik5g+4zaS6CnUVNqGnagBsePdIa XXxHmaWbCG0SmYbWXVcHG6cwvktJRLiQfsrReTjrtDP6oDpdJlieYVUYtCHVmdXgQ0BCML7q peeU0rD+83X5f27nMIIFMDCCBBigAwIBAgIRAOEtgEtOQn3CQDAg7XarCEcwDQYJKoZIhvcN AQEFBQAwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBD T01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTMw ODI0MDAwMDAwWhcNMTQwODI0MjM1OTU5WjAoMSYwJAYJKoZIhvcNAQkBFhdmcmFua2NAbmV0 d29ya2NyeXB0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAeIDcQUaZ7 PNQnapzhdKSlZ/AwhZsa+bZUkz9PH8SfzpUYHrLOlEaT0G0r78I8PYFpnIdeicQVwceTphBw kOfKrWTJKvacxP9QhfnmLFVjLSraSdnQsZZMsugDdImmfWF7xx1w3Zij/7tSbuAkx8S0hekg xxbI+jgTb4Wg0LRlyH4clZs31/Xju/WT0mOJ6ykLLgxE1jose1tjIoWvipCR6+Rx6Z4OH7Du hXhVf95E96FsdErTGlxTTtsWEfVLU0h2ytX1UILG1BqX9D+L3PPdbi/myOGnmRmSJ0f7Q+4H pSci5l/SfrFMZcnl0eVGYRJfx2O8nLMg1r4dnGDYZKUCAwEAAaOCAecwggHjMB8GA1UdIwQY MBaAFHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MB0GA1UdDgQWBBSItP/9ZiynH7iNipGrLSRDTik7 YjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggrBgEFBQcDBAYL KwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQEC AQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMFcGA1Ud HwRQME4wTKBKoEiGRmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET0NsaWVudEF1dGhl bnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgYgGCCsGAQUFBwEBBHwwejBSBggrBgEF BQcwAoZGaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPQ2xpZW50QXV0aGVudGljYXRp b25hbmRTZWN1cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMCIGA1UdEQQbMBmBF2ZyYW5rY0BuZXR3b3JrY3J5cHQuY29tMA0GCSqGSIb3DQEB BQUAA4IBAQAzWNJ9HY0CfcYtnshAOBHgkfhJsiBO4Np6aYj3UZCmEIiQq8x0u+rxTcMgs2dm Lp5Rx17MQ3qQVZxQWpjLt5+2vCV3mS1EPwrd9KUuuVT6br3ymKLC5v5SvLqsMv6q1ze3XPej UO8QM+6BIm9KajrVbB8ND2EcAZwCLr4aUQ5eKMxcZCVgR1ZMXH++so3hYAjTtWiPhYkTJyml E2FTx+fdvH8tOkZalgIzxKlBEXStdXzuzNySz8qMN5Efqbh+6RyhzfdtshWYC1J1i8WtpY+e wSLMqMFVVcu96n6I3oW2jUMAaZG3Ur+pw5qNEupxIeLOVZaqLXgezbJvPN4F43w8MYIEHDCC BBgCAQEwgakwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx EDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQD EzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDh LYBLTkJ9wkAwIO12qwhHMAkGBSsOAwIaBQCgggJHMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTEzMTIzMTE5MDIzNVowIwYJKoZIhvcNAQkEMRYEFINGHOGy PbMgqdrXX7tAbQ3wuwuVMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFl AwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4D AgcwDQYIKoZIhvcNAwICASgwgboGCSsGAQQBgjcQBDGBrDCBqTCBkzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGlj YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAOEtgEtOQn3CQDAg7XarCEcwgbwGCyqGSIb3 DQEJEAILMYGsoIGpMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE5MDcG A1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENB AhEA4S2AS05CfcJAMCDtdqsIRzANBgkqhkiG9w0BAQEFAASCAQCy9pwYgs/EDlVaZqBe9R34 w8UlS5KHu3kdZ3iSq90VYgkHrSOI7SWQuHtkS2iotfITwD2HZRL4zsQYQGjEvT49oArDQQ7s 1pCNXziPvHAZhBn5T+aMM19Y6m08HWwiS6Ujuy7pNBO7bEQRi/YEs7SWCGgo/XgCaYGDBUyc FpV5uCcczXZ8AuZP9ufCNJaVpTt1kyzAqJRJJVmCMruIIGTMVud5VdlRPQAetUJVA5Px471F +yRtnGx7VQm+sIbZI8hGXT2bm4vgV3s+hBY0FQ1T1dB0NAJ9DhW5VwcqyxjKf3DC/z/LJ+/p wfgXGintQXQdfGzVj2eRn/9gCI9q4n5bAAAAAAAA --------------ms050606010401000108000107--