Yesterday I got contacted by Red Hat Support about a problem we had in libselinux. If you are setting up confined users, you can use the semanage login command to set up a group of Linux users to be assigned to a confined user type.
# semanage login -a -s staff_u -r s0-s0:c0.c1023 %wheel
This command would cause all Linux users in the wheel group to log in as the staff_u SELinux user. Well, we had a bug in the getseuserbyname function in libselinux. When you log in to a system, the pam_selinux module uses this function to figure out which SELinux user should be used for your UID. There was a bug where we were not allocating enough memory for reading the entire group file contents. Basically, if the number of users within a group was too large, the library would stop reading.
A customer of ours found the problem and reported it.
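The failure mode described above, as an added example (this is not libselinux's code and not the customer's patch): a group lookup that uses one fixed-size buffer fails on a very large group, while one that grows the buffer and retries succeeds. It assumes the lookup reports an undersized buffer with ERANGE, as getgrnam_r does, and uses glibc's fgetgrent_r over a constructed in-memory group entry as a stand-in so it runs without touching /etc/group; make_group_line and user_in_group are hypothetical names.

```c
#define _GNU_SOURCE            /* fgetgrent_r() is a glibc extension */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample data: a "wheel" entry with n members user0..user<n-1>. */
static char *make_group_line(int n)
{
    char *s = malloc(32 + (size_t)n * 16), *p = s;
    if (!s) return NULL;
    p += sprintf(p, "wheel:x:10:");
    for (int i = 0; i < n; i++)
        p += sprintf(p, "%suser%d", i ? "," : "", i);
    strcpy(p, "\n");
    return s;
}

/* 1 = user is a member, 0 = not a member, -1 = lookup failed.
 * grow=0: one attempt with a fixed buffer; grow=1: double and retry on ERANGE. */
static int user_in_group(const char *line, const char *user, size_t buflen, int grow)
{
    FILE *fp = fmemopen((void *)line, strlen(line), "r");
    struct group grp, *res = NULL;
    char *buf = NULL, *nbuf, **m;
    int rc = -1, err = ERANGE;
    while (fp && err == ERANGE && (nbuf = realloc(buf, buflen)) != NULL) {
        buf = nbuf;
        rewind(fp);                      /* re-read the entry from its start */
        err = fgetgrent_r(fp, &grp, buf, buflen, &res);
        if (!grow) break;                /* fixed buffer: give up on ERANGE */
        buflen *= 2;
    }
    if (err == 0 && res)
        for (rc = 0, m = res->gr_mem; *m && !rc; m++)
            rc = strcmp(*m, user) == 0;
    free(buf);
    if (fp) fclose(fp);
    return rc;
}

int main(void)
{
    char *line = make_group_line(2000);  /* constructed 2000-member group */
    if (!line) return 1;
    printf("fixed: %d, grown: %d\n", user_in_group(line, "user1999", 1024, 0),
           user_in_group(line, "user1999", 1024, 1));
    free(line);
    return 0;
}
```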
Now the reason I love Open Source...
The customer did not stop there. They downloaded our source, found the problem, built a patch and attached it to the bug report. So all I had to do was apply the patch and start the errata process. This is the type of stuff that can't happen in a closed source system, and is why Open Source is better...
Open source is like The Elves and the Shoemaker, just don't tell my boss. :^)
Dan Walsh's Blog
- Open Source how do I love thee, let me count the ways.