| Summary: | ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Colin Watson <cjwatson> | ||||||
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||
| Status: | CLOSED FIXED | ||||||||
| Severity: | normal | CC: | djm, dtucker, leonardo | ||||||
| Priority: | P2 | ||||||||
| Version: | 5.7p1 | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 1845 | ||||||||
| Attachments: |
|
||||||||
Patch applied - thanks. This patch* was misapplied and causes a syntax error when building 5.8p1 with SELinux enabled. * http://hg.mindrot.org/openssh/rev/8611ccf82385 Created attachment 1991 [details]
openssh-5.8p1-syntex-error.diff
Applied, thanks. close resolved bugs now that openssh-5.9 has been released |
Created attachment 1984 [details] more error checks in ssh_selinux_setfscreatecon The Debian/Ubuntu OpenSSH packages are compiled with SELinux support, but SELinux isn't necessarily available at run-time. If it's unavailable, then ssh_selinux_setfscreatecon may crash because it does not either (a) check ssh_selinux_enabled or (b) check the return value of matchpathcon. I suspect it should do both, although I'm not sure whether any error message is necessary if matchpathcon fails - does this just mean that the configuration doesn't specify any particular context? (I'm not an SELinux expert.) Patch attached which at least clears up the crash. (BTW, the indentation in ssh_selinux_setfscreatecon is non-standard.)