Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Paul Moore
On Mon, Dec 4, 2017 at 8:47 AM, Dmitry Vyukov wrote: > On Mon, Dec 4, 2017 at 2:43 PM, Stephen Smalley wrote: >> On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote: >>> On 2017/12/02 3:52, syzbot wrote: >>> >

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Dmitry Vyukov via Selinux
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote: On 2017/12/02 3:52, syzbot wrote: > == > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328 > Read of size 1 at addr

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Dmitry Vyukov via Selinux
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote: > == > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328 > Read of size 1 at addr 8801cd99d2c1 by task >

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Tetsuo Handa
Tetsuo Handa wrote: > which will allow strcmp() to trigger out of bound read when "size" is > larger than strlen(initial_sid_to_string[i]). Oops. "smaller" than. > > Thus, I guess the simplest fix is to use strncmp() instead of strcmp(). Can somebody test below patch? (My CentOS 7 environment

Re: [PATCH 4/4] selinux: Add SCTP support

2017-12-05 Thread Richard Haines
On Tue, 2017-11-28 at 14:59 -0500, Stephen Smalley wrote: > On Tue, 2017-11-28 at 14:39 -0500, Stephen Smalley wrote: > > On Mon, 2017-11-27 at 19:32 +, Richard Haines wrote: > > > The SELinux SCTP implementation is explained in: > > > Documentation/security/SELinux-sctp.rst > > > > > >

Re: Qwery regarding Selinux Change Id context

2017-12-05 Thread Aman Sharma
Hi Stephen, I got the below logs from the file. Can you please if these logs are fine or not : journalctl | grep selinux Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START

Re: Issue regarding Selinux

2017-12-05 Thread Aman Sharma
Hi Stephen, sestatus -v SELinux status: enabled SELinuxfs mount:/sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS

Re: Qwery regarding Selinux Change Id context

2017-12-05 Thread Stephen Smalley
On Mon, 2017-12-04 at 21:31 +0530, Aman Sharma wrote: > Hi Stephen, > > I got the below logs from the file. Can you please if these logs are > fine or not : > > journalctl | grep selinux > Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux > Dec 04 21:26:10 cucm audispd[569]:

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Dmitry Vyukov via Selinux
On Mon, Dec 4, 2017 at 10:10 PM, Paul Moore wrote: >> Hi Paul, >> >> We are just rolling in the process. Feedback is much appreciated! >> >> The idea is that we need to know the title as it will appear in Linus >> tree and in other tested trees. It's also possible to override

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Paul Moore
On Mon, Dec 4, 2017 at 11:29 AM, Dmitry Vyukov wrote: > On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote: > Hi Paul, > > We are just rolling in the process. Feedback is much appreciated! > > The idea is that we need to know the title as it will appear in

Re: Qwery regarding Selinux Change Id context

2017-12-05 Thread Aman Sharma
Is this a bug in CentOS 7.3? On Tue, Dec 5, 2017 at 2:10 PM, Dominick Grift wrote: > On Tue, Dec 05, 2017 at 02:02:37PM +0530, Aman Sharma wrote: > > Hi Stephen, > > > > Below is the changes which I made in Login and ssh file : > > > > cat /etc/pam.d/sshd > > #%PAM-1.0

Re: Qwery regarding Selinux Change Id context

2017-12-05 Thread Dominick Grift
On Tue, Dec 05, 2017 at 02:02:37PM +0530, Aman Sharma wrote: > Hi Stephen, > > Below is the changes which I made in Login and ssh file : > > cat /etc/pam.d/sshd > #%PAM-1.0 > auth required pam_sepermit.so side note: this is a "bug"

Re: Qwery regarding Selinux Change Id context

2017-12-05 Thread Aman Sharma
Hi Stephen, Below is the changes which I made in Login and ssh file : cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth # Used with polkit to reauthorize users in remote sessions account required pam_nologin.so account include