On Mon, Dec 4, 2017 at 8:47 AM, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 2:43 PM, Stephen Smalley wrote:
>> On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote:
>>> On 2017/12/02 3:52, syzbot wrote:
>>> >
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
On 2017/12/02 3:52, syzbot wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> Read of size 1 at addr
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> Read of size 1 at addr 8801cd99d2c1 by task
>
Tetsuo Handa wrote:
> which will allow strcmp() to trigger out of bound read when "size" is
> larger than strlen(initial_sid_to_string[i]).
Oops. "smaller" than.
>
> Thus, I guess the simplest fix is to use strncmp() instead of strcmp().
Can somebody test below patch? (My CentOS 7 environment
On Tue, 2017-11-28 at 14:59 -0500, Stephen Smalley wrote:
> On Tue, 2017-11-28 at 14:39 -0500, Stephen Smalley wrote:
> > On Mon, 2017-11-27 at 19:32 +, Richard Haines wrote:
> > > The SELinux SCTP implementation is explained in:
> > > Documentation/security/SELinux-sctp.rst
> > >
> > >
Hi Stephen,
I got the below logs from the file .Can you please if these logs are fine
or not :
journalctl | grep selinux
Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain
type=USER_START
Hi Stephen,
sestatus -v
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS
On Mon, 2017-12-04 at 21:31 +0530, Aman Sharma wrote:
> Hi Stephen,
>
> I got the below logs from the file .Can you please if these logs are
> fine or not :
>
> journalctl | grep selinux
> Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
> Dec 04 21:26:10 cucm audispd[569]:
On Mon, Dec 4, 2017 at 10:10 PM, Paul Moore wrote:
>> Hi Paul,
>>
>> We are just rolling in the process. Feedback is much appreciated!
>>
>> The idea is that we need to know the title as it will appear in Linus
>> tree and in other tested trees. It's also possible to override
On Mon, Dec 4, 2017 at 11:29 AM, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
> Hi Paul,
>
> We are just rolling in the process. Feedback is much appreciated!
>
> The idea is that we need to know the title as it will appear in
Is this a bug in cent OS 7.3 ?
On Tue, Dec 5, 2017 at 2:10 PM, Dominick Grift
wrote:
> On Tue, Dec 05, 2017 at 02:02:37PM +0530, Aman Sharma wrote:
> > Hi Stephen,
> >
> > Below is the changes which I made in Login and ssh file :
> >
> > cat /etc/pam.d/sshd
> > #%PAM-1.0
On Tue, Dec 05, 2017 at 02:02:37PM +0530, Aman Sharma wrote:
> Hi Stephen,
>
> Below is the changes which I made in Login and ssh file :
>
> cat /etc/pam.d/sshd
> #%PAM-1.0
> authrequired pam_sepermit.so
side note: this is a "bug"
Hi Stephen,
Below is the changes which I made in Login and ssh file :
cat /etc/pam.d/sshd
#%PAM-1.0
authrequired pam_sepermit.so
auth include password-auth
# Used with polkit to reauthorize users in remote sessions
accountrequired pam_nologin.so
accountinclude
13 matches
Mail list logo