[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Latest pam/selinux-policy-strict broken?

From: "W. Michael Petullo" <mike flyn org>
To: fedora-devel-list redhat com
Subject: Latest pam/selinux-policy-strict broken?
Date: Thu, 29 Jul 2004 15:56:02 -0500

Login, su, gdm is hanging on my system since I upgraded to pam-0.77-52
and selinux-policy-strict-1.15.8-3.  

It looks like the hang is occuring when the pam_unix module is executed
as an account module.  Su/pam_unix executes unix_chkpwd, sets up a pipe
and then reads from it.  It seems that unix_chkpwd is failing to execute
properly and su is hanging while it tries to read from the pipe.  After a
quick look at the code, I'm not convinced that pam_unix tests the exit
value of unix_chkpwd properly.

Here is a strace of an su hang:

[...]
pipe([3, 4])                            = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x300313a8) = 4404
waitpid(4404, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 4404
--- SIGCHLD (Child exited) @ 0 (0) ---
read(3, "12603:0:99999:7:-1:-1", 1023)  = 21
read(3,

There is no problem when SELinux is not enforcing its strict policy.
Unfortunately, I don't see any avc errors in my logs related to this.

-- 
Mike

:wq

Follow-Ups:
- Re: Latest pam/selinux-policy-strict broken?
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]