GNU bug report logs - #16335
Segmentation fault when using cp -a with SELinux and fakeroot

Previous Next

Package: coreutils;

Reported by: Nicolas Iooss <nicolas.iooss <at> m4x.org>

Date: Sat, 4 Jan 2014 00:38:01 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Nicolas Iooss <nicolas.iooss <at> m4x.org>
To: 16335 <at> debbugs.gnu.org
Subject: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot
Date: Fri, 03 Jan 2014 23:08:42 +0100

[Message part 1 (text/plain, inline)]
Hello,

After upgrading to coreutils 8.22 I can no longer build packages which
uses "cp -a" to copy files due to a segmentation fault happening in
libselinux.

I've tried to reproduce this bug with few commands, in a directory which
doesn't have any default context:

    $ mkdir /tmp/foobar
    $ matchpathcon
    /tmp/foobar	<<none>>
    $ touch /tmp/foobar/a
    $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
    $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
    /usr/bin/fakeroot: line 181:  9207 Segmentation fault

Without fakeroot there is no segmentation fault.

Even if the message says "/usr/bin/fakeroot", a coredump has been
created for cp. I've analyzed this dump using gdb and after some
debugging, I found out that restorecon_private (from src/selinux.c) was
calling lsetfilecon with a NULL security context which was obtained by
getfscreatecon (case "local = true" in the code [1]). This causes a null
pointer dereference in libselinux and so a SIGSEGV.

I've reported this bug to libselinux maintainers [2] and got the reply
that calling lsetfilecon with a NULL security context was like calling
strlen with a NULL string and that this was a problem in caller's code [3].

Hence I propose the attached patch to fix the segmentation fault. Could
you please accept it?

When you reply, please Cc me as I'm not subscribed.

Thanks,

Nicolas Iooss

-----------

System configuration during my tests:

* distro: ArchLinux which SELinux packages
* CPU arch: x86_64
* SELinux in permissive mode
* coreutils 8.22
* libselinux 2.2.1
* fakeroot 1.20

[1]
http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191
[2] http://marc.info/?l=selinux&m=138763485330568&w=2
[3] http://marc.info/?l=selinux&m=138842015508829&w=2

[0001-Fix-segmentation-fault-in-restorecon_private.patch (text/x-patch, attachment)]
This bug report was last modified 11 years and 134 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.