Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Stephen Smalley
On Mon, 2017-12-04 at 17:39 +0100, Dmitry Vyukov wrote: > On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote: > > > > > On 2017/12/02 3:52, syzbot wrote: > > > > > > === > > > > > > === > > > > > > BUG: KASAN:

Re: [PATCH v2] selinux: ensure the context is NUL terminated in security_context_to_sid_core()

2017-12-04 Thread Paul Moore
On Fri, Dec 1, 2017 at 5:21 PM, William Roberts wrote: > On Fri, Dec 1, 2017 at 1:31 PM, Paul Moore wrote: >> From: Paul Moore >> >> The syzbot/syzkaller automated tests found a problem in >> security_context_to_sid_core() during

Re: Qwery regarding Selinux Change Id context

2017-12-04 Thread Stephen Smalley
On Mon, 2017-12-04 at 22:04 +0530, Aman Sharma wrote: > Hi Stephen, > > Thanks alot for the help.  > > I got the issue. Its due to the problem in /etc/pam.d/sshd file. > > After fixing this, now is working fine. Thanks alot once again. Ok, can you explain what exactly what wrong in your

Re: Issue regarding Selinux

2017-12-04 Thread Stephen Smalley
On Mon, 2017-12-04 at 21:45 +0530, Aman Sharma wrote: > Hi Stephen, > > sestatus -v > SELinux status:                 enabled > SELinuxfs mount:                /sys/fs/selinux > SELinux root directory:         /etc/selinux > Loaded policy name:             targeted > Current mode:                 

Re: Qwery regarding Selinux Change Id context

2017-12-04 Thread Aman Sharma
Hi Stephen, Below is my login pam file : #%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth substack system-auth auth include postlogin accountrequired pam_nologin.so accountinclude system-auth password include

Re: Qwery regarding Selinux Change Id context

2017-12-04 Thread Stephen Smalley
On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote: > Hi All, > > Thanks for the information. > > But after resetting the semanage User/login, and moving the targeted > folder to old one and then install the default target. then also its > still showing the  > Id context as

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
Stephen Smalley wrote: > > Thus, I guess the simplest fix is to use strncmp() instead of > > strcmp(). > > Already fixed by > https://www.spinics.net/lists/selinux/msg23589.html > OK, I thought everyone was too busy. I would appreciate if you responded to all.

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Dmitry Vyukov via Selinux
On Mon, Dec 4, 2017 at 2:43 PM, Stephen Smalley wrote: > On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote: >> On 2017/12/02 3:52, syzbot wrote: >> > == >> > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Stephen Smalley
On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote: > On 2017/12/02 3:52, syzbot wrote: > > == > > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328 > > Read of size 1 at addr 8801cd99d2c1 by task > >

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread James Morris
On Sun, 3 Dec 2017, Tetsuo Handa wrote: > Tetsuo Handa wrote: > > which will allow strcmp() to trigger out of bound read when "size" is > > larger than strlen(initial_sid_to_string[i]). > > Oops. "smaller" than. > > > > > Thus, I guess the simplest fix is to use strncmp() instead of strcmp().

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
James Morris wrote: > On Sun, 3 Dec 2017, Tetsuo Handa wrote: > > > Tetsuo Handa wrote: > > > which will allow strcmp() to trigger out of bound read when "size" is > > > larger than strlen(initial_sid_to_string[i]). > > > > Oops. "smaller" than. > > > > > > > > Thus, I guess the simplest fix

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
Tetsuo Handa wrote: > James Morris wrote: > > On Sun, 3 Dec 2017, Tetsuo Handa wrote: > > > > > Tetsuo Handa wrote: > > > > which will allow strcmp() to trigger out of bound read when "size" is > > > > larger than strlen(initial_sid_to_string[i]). > > > > > > Oops. "smaller" than. > > > > > > >

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
On 2017/12/02 3:52, syzbot wrote: > == > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328 > Read of size 1 at addr 8801cd99d2c1 by task syzkaller242593/3087 > > CPU: 0 PID: 3087 Comm: syzkaller242593 Not

Issue regarding Selinux

2017-12-04 Thread Aman Sharma
Hi All, I am seeing a number of su core files after a fresh install of Cent OS 7 Machine. In this particular case I have 622 cores files found. The backtrace is given below Reading symbols from /usr/bin/su...Reading symbols from /usr/bin/su...(no debugging symbols found)...done. (no debugging