[redhat-lspp] "su" broken on current MLS Rawhide
Klaus Weidner
klaus at atsec.com
Tue Feb 14 21:34:54 UTC 2006
Hello,
I've been getting really strange effects on the current Rawhide system
running the MLS policy plus Steve Grubb's LSPP kernel (no
polyinstantiation support installed yet).
kernel-2.6.15-1.1826.2.10.2.3_FC5.lspp.7
selinux-policy-mls-2.2.14-2
How to reproduce: in enforcing mode, log in as non-root user, then run
"/bin/su -" and authenticate. (This behaves identically in an SSH session
and on the console).
The "su" starts a root shell, but apparently this shell disassociates
itself from the parent process, and the original shell and the root shell
start fighting for the tty input. Note the intermixed prompts (I was just
hitting RETURN a couple of times), the inconsistent "id" output", and the
PPID=1 in the "ps alx" listing for the root shell.
kw at rawhide's password:
Last login: Fri Jan 13 11:22:22 2006 from 172.16.204.1
-bash: /home/kw/.bash_profile: Permission denied
-bash-3.1$ /bin/su -
Password:
/bin/su: warning: cannot change directory to /root: Permission denied
/bin/su: warning: cannot change directory to /root: Permission denied
-bash-3.1$ -bash: /root/.bash_profile: Permission denied
-bash-3.1#
-bash-3.1$ -bash-3.1# -bash-3.1#
-bash-3.1$ -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash-3.1# -bash: ii: command not found
-bash-3.1# i
uid=500(kw) gid=500(kw) groups=500(kw) context=user_u:user_r:user_t:SystemLow
-bash-3.1$ uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:user_r:user_t:SystemLow
-bash-3.1# i
uid=500(kw) gid=500(kw) groups=500(kw) context=user_u:user_r:user_t:SystemLow
-bash-3.1$ uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:user_r:user_t:SystemLow
-bash-3.1#
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 500 1780 1533 15 0 4404 1448 - Ss tty2 0:00 -bash
4 0 1804 1 15 0 4404 1440 - S+ tty2 0:00 -bash
0 0 1837 1751 16 0 3872 688 - R+ pts/0 0:00 grep tty2
FYI, I'm also still getting the "idr_remove called for id=1 which is not
allocated" messages using this updated policy.
-Klaus
More information about the redhat-lspp
mailing list