Boolean utilities segv's

George C. Wilson ltcgcw at us.ibm.com
Fri Sep 17 19:38:39 UTC 2004


Hi,

We found what appears to be a bug in libselinux.  The getsebool, setsebool,
and togglesebool utilities all SIGSEGV when SELINUX=disabled.

The global that stores the selinuxfs mountpoint in libselinux, selinux_mnt, is
initialized to NULL.  selinuxfs is not mounted when SELinux is disabled,
therefore no mountpoint exists when init_selinuxmnt() scans /proc/mounts, and
selinux_mnt remains NULL.  So when get_bool_value() in booleans.c attempts to
strlen(selinux_mnt), a SIGSEGV results.  The fix is to validate selinux_mnt
before the offending strlen() in get_bool_value(), line 101 of booleans.c from
selinux-usr-2004081908.  It probably would not hurt to validate name as well.
The same bug exists in FC3.

Thanks
-- 
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center
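
The guard proposed in the message above, as an added example that is not part of the original post and is not libselinux's own code. The helper names find_selinuxfs() and bool_path(), the "/booleans/" path layout, the boolean name and the mount tables are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed /proc/mounts samples: without and with selinuxfs mounted. */
static const char MOUNTS_DISABLED[] = "proc /proc proc rw 0 0\n/dev/hda1 / ext3 rw 0 0\n";
static const char MOUNTS_ENABLED[]  = "proc /proc proc rw 0 0\nnone /selinux selinuxfs rw 0 0\n";

static char mnt_buf[128];
static char *selinux_mnt = NULL;   /* models the library global: NULL until found */

/* Hypothetical stand-in for the mount scan: record the selinuxfs mountpoint, if any. */
static void find_selinuxfs(const char *mounts)
{
    char fs[32];

    selinux_mnt = NULL;
    for (const char *line = mounts; line && *line; ) {
        /* fields: device mountpoint fstype options ... */
        if (sscanf(line, "%*s %127s %31s", mnt_buf, fs) == 2 &&
            strcmp(fs, "selinuxfs") == 0) {
            selinux_mnt = mnt_buf;
            return;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
}

/* Hardened path builder: validate both pointers before any strlen(). */
static int bool_path(const char *name, char *out, size_t outlen)
{
    if (selinux_mnt == NULL) { errno = ENOENT; return -1; }  /* selinuxfs not mounted */
    if (name == NULL || *name == '\0') { errno = EINVAL; return -1; }
    if (strlen(selinux_mnt) + strlen("/booleans/") + strlen(name) + 1 > outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    snprintf(out, outlen, "%s/booleans/%s", selinux_mnt, name);
    return 0;
}

int main(void)
{
    char path[128];

    find_selinuxfs(MOUNTS_DISABLED);
    if (bool_path("example_bool", path, sizeof path) < 0)
        printf("disabled: %s (no crash)\n", strerror(errno));
    find_selinuxfs(MOUNTS_ENABLED);
    if (bool_path("example_bool", path, sizeof path) == 0)
        printf("enabled:  %s\n", path);
    return 0;
}
```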


