GNU bug report logs - #16335: Segmentation fault when using cp -a with SELinux and fakeroot
Message #8 received at 16335 <at> debbugs.gnu.org (full text, mbox):
On 01/03/2014 10:08 PM, Nicolas Iooss wrote:
> Hello,
>
> After upgrading to coreutils 8.22 I can no longer build packages which
> use "cp -a" to copy files due to a segmentation fault happening in
> libselinux.
>
> I've tried to reproduce this bug with a few commands, in a directory which
> doesn't have any default context:
>
> $ mkdir /tmp/foobar
> $ matchpathcon
> /tmp/foobar <<none>>
> $ touch /tmp/foobar/a
> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b
> /usr/bin/fakeroot: line 181: 9207 Segmentation fault
>
> Without fakeroot there is no segmentation fault.
>
> Even if the message says "/usr/bin/fakeroot", a coredump has been
> created for cp. I've analyzed this dump using gdb and after some
> debugging, I found out that restorecon_private (from src/selinux.c) was
> calling lsetfilecon with a NULL security context which was obtained by
> getfscreatecon (case "local = true" in the code [1]). This causes a null
> pointer dereference in libselinux and so a SIGSEGV.
>
> I've reported this bug to libselinux maintainers [2] and got the reply
> that calling lsetfilecon with a NULL security context was like calling
> strlen with a NULL string and that this was a problem in caller's code [3].
>
> Hence I propose the attached patch to fix the segmentation fault. Could
> you please accept it?
>
> When you reply, please Cc me as I'm not subscribed.
>
> Thanks,
>
> Nicolas Iooss
>
> -----------
>
> System configuration during my tests:
>
> * distro: ArchLinux with SELinux packages
> * CPU arch: x86_64
> * SELinux in permissive mode
> * coreutils 8.22
> * libselinux 2.2.1
> * fakeroot 1.20
>
> [1]
> http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191
> [2] http://marc.info/?l=selinux&m=138763485330568&w=2
> [3] http://marc.info/?l=selinux&m=138842015508829&w=2

Thanks for the very thorough analysis and patch.
The patch looks correct as getfscreatecon() is
documented to return a NULL context in some cases.
I'll see if I can add a robust test and will apply
this in your name.

thanks,
Pádraig.
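
The failure mode analyzed in this thread, as an added C example that is not part of the bug report, the attached patch, or coreutils: a getter that reports success yet leaves the context pointer NULL, and a caller that checks the return code and the pointer separately. The `stub_*` functions, `relabel_from_fscreate`, the choice of `ENODATA` and the sample label are assumptions standing in for libselinux so the code runs without SELinux.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the libselinux calls named in the report. */
static const char *fake_fscreate = NULL;   /* NULL = no fscreate context set */
static int setfilecon_calls = 0;           /* counts calls into the setter */

/* Like getfscreatecon(): 0 means success, and *con may still be NULL. */
static int stub_getfscreatecon(char **con)
{
    *con = NULL;
    if (fake_fscreate && !(*con = malloc(strlen(fake_fscreate) + 1)))
        return -1;                         /* allocation failure */
    if (*con) strcpy(*con, fake_fscreate);
    return 0;
}

/* Like lsetfilecon(): assumes a valid string, so a NULL con would crash. */
static int stub_lsetfilecon(const char *path, const char *con)
{
    (void)path;
    setfilecon_calls++;
    return strlen(con) > 0 ? 0 : -1;
}

/* Hypothetical caller: a zero return code does not imply a usable context. */
int relabel_from_fscreate(const char *path)
{
    char *tcon = NULL;
    if (stub_getfscreatecon(&tcon) < 0)
        return -1;
    if (tcon == NULL) {                    /* success, but nothing to apply */
        errno = ENODATA;                   /* error code chosen for this example */
        return -1;
    }
    int rc = stub_lsetfilecon(path, tcon);
    free(tcon);
    return rc;
}

int main(void)
{
    printf("unset: %d\n", relabel_from_fscreate("/tmp/foobar/b"));
    fake_fscreate = "system_u:object_r:tmp_t:s0";   /* constructed label */
    printf("set:   %d\n", relabel_from_fscreate("/tmp/foobar/b"));
    return 0;
}
```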
This bug report was last modified 11 years and 134 days ago.