danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
Open Source how do I love thee, let me count the ways.
danwalsh
Yesterday I got contacted by Red Hat Support about a problem we had in libselinux.  If you are setting up confined users you can use the semanage login command to setup a group of linux users to be assigned to a confined user type.

# semanage login -a -s staff_u -r s0-s0:c0.c1023 %wheel

This command would cause all linux users in the wheel group to login as the staff_u SELinux user.  Well we had a bug in getseuserbyname function in libseliunux.  When you login to a system the pam_selinux module uses this function to figure out which SELinux user should be used for your UID.  There was a bug where we were not allocating enough memory for reading the entire group file contents.  Basically if the number of users within a group was too large, the library would stop reading.  

A customer of ours found the problem and reported it.  

Now the reason I love Open Source...

The customer did not stop there.  They downloaded our source, found the problem, built a patch and attached it to the bug report.  So all I had to do was apply the patch and start the errata process.   This is the type of stuff that can't happen in a closed source system, and is why Open Source is better...

Open source is like The Elves and the Shoemaker, just don't tell my boss.  :^)

Dan,
Can you post some notes how did the customer came to the conclusion that the problem is in small amount of allocated memory? How did he (and you too) debug the problem, understood its roots and created a working solution?

No HTML allowed in subject

  
 
   
 

(will be screened)

You are viewing danwalsh