Boolean utilities segv's

Stephen Smalley sds at epoch.ncsc.mil
Fri Sep 17 19:56:19 UTC 2004


On Fri, 2004-09-17 at 15:38, George C. Wilson wrote:
> We found what appears to be a bug in libselinux.  The getsebool, setsebool,
> and togglesebool all SIGSEGV when SELINUX=disabled.
> 
> The global that stores the selinuxfs mountpoint in libselinux, selinux_mnt, is
> initialized to NULL.  selinuxfs is not mounted when SELinux is disabled,
> therefore no mountpoint exists when init_selinuxmnt() scans /proc/mounts, and
> selinux_mnt remains NULL.  So when get_bool_value() in booleans.c attempts to
> strlen(selinux_mnt), a SIGSEGV results.  The fix is to validate selinux_mnt
> before the offending strlen() in get_bool_value(), line 101 of booleans.c from
> selinux-usr-2004081908.  It probably would not hurt to validate name as well.
> The same bug exists in FC3.

Ok, we can certainly fix this, but note that these functions are not
going to work on a non-SELinux system regardless; you shouldn't even be
calling them (or running those utilities) on a non-SELinux system.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
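
The NULL check proposed in the report above, sketched as an added example; it is not part of the original thread and is not libselinux's own code. The function names `find_selinuxfs` and `bool_path`, the errno choices, and the two mount tables are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed /proc/mounts-style samples (not captured from a real system). */
static const char MOUNTS_DISABLED[] =
    "/dev/root / ext3 rw 0 0\n"
    "proc /proc proc rw 0 0\n";
static const char MOUNTS_ENABLED[] =
    "/dev/root / ext3 rw 0 0\n"
    "none /selinux selinuxfs rw 0 0\n";

/* Return the mountpoint of the first selinuxfs entry (static buffer),
 * or NULL when no such filesystem is mounted, e.g. SELINUX=disabled. */
const char *find_selinuxfs(const char *mounts)
{
    static char dir[256];
    char dev[64], type[64];
    const char *line = mounts;
    while (line && *line) {
        if (sscanf(line, "%63s %255s %63s", dev, dir, type) == 3 &&
            strcmp(type, "selinuxfs") == 0)
            return dir;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* Build "<mnt>/booleans/<name>". Both pointers are validated before any
 * strlen(), so a missing mountpoint becomes an error return, not a SIGSEGV. */
int bool_path(const char *mnt, const char *name, char *out, size_t outlen)
{
    if (!mnt) { errno = ENOENT; return -1; }            /* selinuxfs not mounted */
    if (!name || !*name) { errno = EINVAL; return -1; } /* "validate name as well" */
    if (strlen(mnt) + strlen(name) + sizeof("/booleans/") > outlen) {
        errno = ENAMETOOLONG; return -1;
    }
    snprintf(out, outlen, "%s/booleans/%s", mnt, name);
    return 0;
}

int main(void)
{
    char path[512];
    if (bool_path(find_selinuxfs(MOUNTS_DISABLED), "example_bool", path, sizeof(path)) < 0)
        perror("bool_path");   /* reports the error instead of crashing */
    return 0;
}
```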