GNU bug report logs - #16335
Segmentation fault when using cp -a with SELinux and fakeroot

Previous Next

Package: coreutils;

Reported by: Nicolas Iooss <nicolas.iooss <at> m4x.org>

Date: Sat, 4 Jan 2014 00:38:01 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Nicolas Iooss <nicolas.iooss <at> m4x.org>
Subject: bug#16335: closed (Re: bug#16335: Segmentation fault when using
 cp -a with SELinux and fakeroot)
Date: Mon, 13 Jan 2014 14:51:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#16335: Segmentation fault when using cp -a with SELinux and fakeroot

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 16335 <at> debbugs.gnu.org.

-- 
16335: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16335
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Pádraig Brady <P <at> draigBrady.com>
To: Nicolas Iooss <nicolas.iooss <at> m4x.org>
Cc: 16335-done <at> debbugs.gnu.org
Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and
 fakeroot
Date: Mon, 13 Jan 2014 14:50:13 +0000

[Message part 3 (text/plain, inline)]
I'm going to push the attached very soon, to address this.

thanks,
Pádraig.

[cp-selinux-segfault.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
From: Nicolas Iooss <nicolas.iooss <at> m4x.org>
To: bug-coreutils <at> gnu.org
Subject: Segmentation fault when using cp -a with SELinux and fakeroot
Date: Fri, 03 Jan 2014 23:08:42 +0100

[Message part 6 (text/plain, inline)]
Hello,

After upgrading to coreutils 8.22 I can no longer build packages which
uses "cp -a" to copy files due to a segmentation fault happening in
libselinux.

I've tried to reproduce this bug with few commands, in a directory which
doesn't have any default context:

    $ mkdir /tmp/foobar
    $ matchpathcon
    /tmp/foobar	<<none>>
    $ touch /tmp/foobar/a
    $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
    $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
    /usr/bin/fakeroot: line 181:  9207 Segmentation fault

Without fakeroot there is no segmentation fault.

Even if the message says "/usr/bin/fakeroot", a coredump has been
created for cp. I've analyzed this dump using gdb and after some
debugging, I found out that restorecon_private (from src/selinux.c) was
calling lsetfilecon with a NULL security context which was obtained by
getfscreatecon (case "local = true" in the code [1]). This causes a null
pointer dereference in libselinux and so a SIGSEGV.

I've reported this bug to libselinux maintainers [2] and got the reply
that calling lsetfilecon with a NULL security context was like calling
strlen with a NULL string and that this was a problem in caller's code [3].

Hence I propose the attached patch to fix the segmentation fault. Could
you please accept it?

When you reply, please Cc me as I'm not subscribed.

Thanks,

Nicolas Iooss

-----------

System configuration during my tests:

* distro: ArchLinux which SELinux packages
* CPU arch: x86_64
* SELinux in permissive mode
* coreutils 8.22
* libselinux 2.2.1
* fakeroot 1.20

[1]
http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191
[2] http://marc.info/?l=selinux&m=138763485330568&w=2
[3] http://marc.info/?l=selinux&m=138842015508829&w=2

[0001-Fix-segmentation-fault-in-restorecon_private.patch (text/x-patch, attachment)]
This bug report was last modified 11 years and 134 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.