newrole: double free or corruption

Andy Warner warner at rubix.com
Tue Dec 29 17:04:50 UTC 2009 


Dominick Grift wrote:
> On Mon, Dec 28, 2009 at 06:29:02PM -0500, Andy Warner wrote:
>   
>> Got the following output from using the newrole command on Fedora 12.
>> Not sure where to properly report such bugs.
>>
>> If it helps, the rubix_remote_client_r role transition should fail (as
>> it does) as there are no role transition rules for it. The role is
>> associated with the current SELinux user.
>>
>> I believe my system just updated to the newest newrole package.
>> [warner at Fedora12-Dev ~]$ yum info policycoreutils
>> Loaded plugins: presto, refresh-packagekit
>> Installed Packages
>> Name       : policycoreutils
>> Arch       : i686
>> Version    : 2.0.78
>> Release    : 3.fc12
>> Size       : 3.3 M
>> Repo       : installed
>> >From repo  : updates
>>
>> Error output from newrole follows:
>>
>> [warner at Fedora12-Dev ~]$ newrole -r rubix_remote_client_r
>>     
>
> Does it behave as expected if you use sudo instead?
>
> sudo -r rubix_remote_client_r -t rubix_remote_client_t -s
>
> Eitherway looks like a bug in newrole
>   
Yes, sudo behaves as expected. The problem does not happen. The sudo
command fails normally being unable to exec bash do to a lack of a
transition rule.
>   
>> Password:
>> failed to exec shell
>> : Permission denied
>> *** glibc detected *** newrole: double free or corruption (out):
>> 0x01726138 ***
>> ======= Backtrace: =========
>> /lib/libc.so.6(-0xff836d9f)[0x233261]
>> /lib/libselinux.so.1(freecon+0x1e)[0x9fd42e]
>> newrole(main+0x6eb)[0x119d6b]
>> /lib/libc.so.6(__libc_start_main+0xe6)[0x1dbbb6]
>> newrole(+0x16f1)[0x1186f1]
>> ======= Memory map: ========
>> 00117000-0011d000 r-xp 00000000 fd:00 126525     /usr/bin/newrole
>> 0011d000-0011e000 r--p 00005000 fd:00 126525     /usr/bin/newrole
>> 0011e000-0011f000 rw-p 00006000 fd:00 126525     /usr/bin/newrole
>> 0011f000-00135000 r-xp 00000000 fd:00 56679      /lib/libpthread-2.11.so
>> 00135000-00136000 r--p 00015000 fd:00 56679      /lib/libpthread-2.11.so
>> 00136000-00137000 rw-p 00016000 fd:00 56679      /lib/libpthread-2.11.so
>> 00137000-00139000 rw-p 00000000 00:00 0
>> 001a5000-001c3000 r-xp 00000000 fd:00 56677      /lib/ld-2.11.so
>> 001c3000-001c4000 r--p 0001d000 fd:00 56677      /lib/ld-2.11.so
>> 001c4000-001c5000 rw-p 0001e000 fd:00 56677      /lib/ld-2.11.so
>> 001c5000-00333000 r-xp 00000000 fd:00 56678      /lib/libc-2.11.so
>> 00333000-00334000 ---p 0016e000 fd:00 56678      /lib/libc-2.11.so
>> 00334000-00336000 r--p 0016e000 fd:00 56678      /lib/libc-2.11.so
>> 00336000-00337000 rw-p 00170000 fd:00 56678      /lib/libc-2.11.so
>> 00337000-0033a000 rw-p 00000000 00:00 0
>> 0055f000-00560000 r-xp 00000000 00:00 0          [vdso]
>> 005f6000-005fa000 r-xp 00000000 fd:00 1331       /lib/libattr.so.1.1.0
>> 005fa000-005fb000 rw-p 00003000 fd:00 1331       /lib/libattr.so.1.1.0
>> 0062d000-00638000 r-xp 00000000 fd:00 10441      /lib/libnss_files-2.11.so
>> 00638000-00639000 r--p 0000a000 fd:00 10441      /lib/libnss_files-2.11.so
>> 00639000-0063a000 rw-p 0000b000 fd:00 10441      /lib/libnss_files-2.11.so
>> 008a3000-008a5000 r-xp 00000000 fd:00 15448      /lib/libpam_misc.so.0.82.0
>> 008a5000-008a6000 rw-p 00001000 fd:00 15448      /lib/libpam_misc.so.0.82.0
>> 00928000-0092c000 r-xp 00000000 fd:00 1332       /lib/libcap.so.2.16
>> 0092c000-0092d000 rw-p 00003000 fd:00 1332       /lib/libcap.so.2.16
>> 00992000-00995000 r-xp 00000000 fd:00 56684      /lib/libdl-2.11.so
>> 00995000-00996000 r--p 00002000 fd:00 56684      /lib/libdl-2.11.so
>> 00996000-00997000 rw-p 00003000 fd:00 56684      /lib/libdl-2.11.so
>> 009f3000-00a0f000 r-xp 00000000 fd:00 56687      /lib/libselinux.so.1
>> 00a0f000-00a10000 r--p 0001b000 fd:00 56687      /lib/libselinux.so.1
>> 00a10000-00a11000 rw-p 0001c000 fd:00 56687      /lib/libselinux.so.1
>> 00c8b000-00c97000 r-xp 00000000 fd:00 15447      /lib/libpam.so.0.82.1
>> 00c97000-00c98000 rw-p 0000b000 fd:00 15447      /lib/libpam.so.0.82.1
>> 00e6f000-00e85000 r-xp 00000000 fd:00 15446      /lib/libaudit.so.1.0.0
>> 00e85000-00e86000 r--p 00015000 fd:00 15446      /lib/libaudit.so.1.0.0
>> 00e86000-00e87000 rw-p 00016000 fd:00 15446      /lib/libaudit.so.1.0.0
>> 00ea9000-00ec6000 r-xp 00000000 fd:00 51325     
>> /lib/libgcc_s-4.4.2-20091027.so.1
>> 00ec6000-00ec7000 rw-p 0001c000 fd:00 51325     
>> /lib/libgcc_s-4.4.2-20091027.so.1
>> 00f05000-00f0c000 r-xp 00000000 fd:00 56680      /lib/librt-2.11.so
>> 00f0c000-00f0d000 r--p 00006000 fd:00 56680      /lib/librt-2.11.so
>> 00f0d000-00f0e000 rw-p 00007000 fd:00 56680      /lib/librt-2.11.so
>> 01724000-017a9000 rw-p 00000000 00:00 0          [heap]
>> b7627000-b7827000 r--p 00000000 fd:00 12545     
>> /usr/lib/locale/locale-archive
>> b7827000-b782a000 rw-p 00000000 00:00 0
>> b783b000-b7842000 r--s 00000000 fd:00 10739     
>> /usr/lib/gconv/gconv-modules.cache
>> b7842000-b7843000 rw-p 00000000 00:00 0
>> bfcce000-bfce3000 rw-p 00000000 00:00 0          [stack]
>> [warner at Fedora12-Dev ~]$
>>
>>     
>
>   
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>     
>
>   
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091229/9ca67eae/attachment.htm>

More information about the fedora-selinux-list mailing list