117374 – rpm --recontext -q rpm segfaults as user_r:user_t

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 117374 - rpm --recontext -q rpm segfaults as user_r:user_t

Summary: rpm --recontext -q rpm segfaults as user_r:user_t

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpm
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeff Johnson
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC2Blocker
TreeView+	depends on / blocked

Reported:	2004-03-03 12:53 UTC by Paul Nasrat
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-04-07 23:23:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Brief analysis of core (deleted) 2004-03-03 13:00 UTC, Paul Nasrat	no flags	Details
View All

Description Paul Nasrat 2004-03-03 12:53:48 UTC

Description of problem:

rpm --recontext -q rpm causes segmentation fault whilst running in
enforcing mode

Version-Release number of selected component (if applicable):
rpm-4.3-0.16

How reproducible:

always

Steps to Reproduce:
1. setenforce 1
2. login as a user who is user_r:user_t
3.  rpm --recontext -q rpm
  
Actual results:

D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0

D: locked   db index       /var/lib/rpm/Packages

D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0

D:  read h#    1842 Header SHA1 digest: OK
(df106e1c2f4cc29765024189d784dbe69bd6f670)

/etc/security/selinux/src/policy/file_contexts/file_contexts:
Permission denied

Segmentation fault

Expected results:

No segmentation fault.

Additional info:

Drops core - back trace to be attached.

avc error:

avc: denied { search } for pid 2655 exe=/usr/lib/rpm/rpmq name=selinux
dev=hda5 ino=1493914 scontext=victim:user_r:user_t
tcontext=system_u:object_r:policy_config_t tclass=dir

inode corresponds to /etc/security/selinux

Comment 1 Paul Nasrat 2004-03-03 13:00:08 UTC

Created attachment 98235 [details]
Brief analysis of core

If you need any more analysis yell

Comment 2 Jeff Johnson 2004-04-07 23:23:23 UTC

Fixed in rpm-4.3.1-0.2 when built.

Note You need to log in before you can comment on or make changes to this bug.