SELinux Mailing List
Re: semodule dumps core
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 20 Mar 2006 12:02:32 -0500
Ok, I reproduced this on Fedora by building libsepol with just -O2 by hand, e.g. make CFLAGS+="-O2" clean install. Looking at what an rpm build of the libsepol package does, it does build with -O2 but also adds several other flags during the build. Trying these flags individually with -O2, it appears that the -fstack-protector option makes the difference: adding it yields a working libsepol while removing it leaves a broken libsepol.

As -fstack-protector adds guard variables and checking code, it seemed likely that it was covering up some bug that would otherwise occur. Looking at sepol_module_package_write() again, since the seg fault occurred immediately after it completed, I noticed that buf[] is too small if you include all optional sections (i.e. users_extra and seusers as well as file_contexts). Patch below.

Index: libsepol/src/module.c RCS file: /nfshome/pal/CVS/selinux-usr/libsepol/src/module.c,v retrieving revision 1.19 diff -u -p -r1.19 module.c --- libsepol/src/module.c 7 Feb 2006 14:04:43 -0000 1.19 +++ libsepol/src/module.c 20 Mar 2006 16:37:45 -0000@@ -661,7 +661,7 @@ int sepol_module_package_write(sepol_mod { struct policy_file *file = &spf->pf; policy_file_t polfile; - uint32_t buf[3], offsets[5], len, nsec = 0; + uint32_t buf[5], offsets[5], len, nsec = 0; int i; if (p->policy) {

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Mon 20 Mar 2006 - 11:57:43 EST
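
Review bot: on the `uint32_t buf[5], offsets[5], len, nsec = 0;` line the corrected size is still a bare literal, so nothing ties the capacity of buf to the number of sections the function can emit. The message traces the crash to buf[] being too small once users_extra and seusers are included as well as file_contexts, so a further optional section added to the package format later could reintroduce the same stack overflow, and it may again go unnoticed depending on build flags. Consider sizing buf and offsets from one named constant for the maximum section count and checking nsec against that bound before the arrays are filled (that code is outside the visible context), with a short comment stating what each element of buf holds.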
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |