- Update from NSA
Changed matchpathcon_common to ignore any non-format bits in the mode.
parent
1ec9b46064
commit
d4111cf41f
@ -24,3 +24,4 @@ libselinux-1.21.8.tgz
|
|||||||
libselinux-1.21.9.tgz
|
libselinux-1.21.9.tgz
|
||||||
libselinux-1.21.10.tgz
|
libselinux-1.21.10.tgz
|
||||||
libselinux-1.21.11.tgz
|
libselinux-1.21.11.tgz
|
||||||
|
libselinux-1.21.12.tgz
|
||||||
|
@ -1,180 +1,15 @@
|
|||||||
--- libselinux-1.21.10/src/query_user_context.c.ud 2005-02-17 11:22:46.000000000 -0800
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.21.11/src/matchpathcon.c
|
||||||
+++ libselinux-1.21.10/src/query_user_context.c 2005-02-20 12:04:50.001377520 -0800
|
--- nsalibselinux/src/matchpathcon.c 2005-02-22 16:34:17.000000000 -0500
|
||||||
@@ -23,7 +23,8 @@
|
+++ libselinux-1.21.11/src/matchpathcon.c 2005-02-28 13:27:33.000000000 -0500
|
||||||
{
|
@@ -679,6 +679,11 @@
|
||||||
printf ("Enter number of choice: ");
|
mode_t mode,
|
||||||
fflush (stdin);
|
security_context_t *con)
|
||||||
- fgets (response, sizeof (response), stdin);
|
{
|
||||||
+ if (fgets (response, sizeof (response), stdin) == NULL)
|
+ /* If the user provides a mode but does not provide a file type
|
||||||
+ continue;
|
+ default to regular file */
|
||||||
fflush (stdin);
|
+ if (mode && ((mode & S_IFMT)==0)) {
|
||||||
choice = strtol (response, NULL, 10);
|
+ mode = mode | S_IFREG;
|
||||||
}
|
+ }
|
||||||
@@ -50,7 +51,8 @@
|
int i = matchpathcon_common(name, mode);
|
||||||
if (list[1]) {
|
|
||||||
printf ("Do you want to choose a different one? [n]");
|
|
||||||
fflush (stdin);
|
|
||||||
- fgets (response, sizeof (response), stdin);
|
|
||||||
+ if (fgets (response, sizeof (response), stdin) == NULL)
|
|
||||||
+ return -1;
|
|
||||||
fflush (stdin);
|
|
||||||
|
|
||||||
if ((response[0] == 'y') || (response[0] == 'Y'))
|
|
||||||
@@ -86,9 +88,11 @@
|
|
||||||
{
|
|
||||||
printf ("\tEnter %s ", fieldstr);
|
|
||||||
fflush (stdin);
|
|
||||||
- fgets (newfield, newfieldlen, stdin);
|
|
||||||
+ if (fgets (newfield, newfieldlen, stdin) == NULL)
|
|
||||||
+ continue;
|
|
||||||
fflush (stdin);
|
|
||||||
- newfield[strlen(newfield)-1] = '\0';
|
|
||||||
+ if (newfield[strlen(newfield)-1] == '\n')
|
|
||||||
+ newfield[strlen(newfield)-1] = '\0';
|
|
||||||
|
|
||||||
if (strlen(newfield) == 0)
|
|
||||||
{
|
|
||||||
@@ -137,8 +141,8 @@
|
|
||||||
while (!done)
|
|
||||||
{
|
|
||||||
printf ("Would you like to enter a security context? [y]");
|
|
||||||
- fgets (response, sizeof(response), stdin);
|
|
||||||
- if ((response[0] == 'n') || (response[0] == 'N')) {
|
|
||||||
+ if (fgets (response, sizeof(response), stdin) == NULL
|
|
||||||
+ || (response[0] == 'n') || (response[0] == 'N')) {
|
|
||||||
context_free(new_context);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
--- libselinux-1.21.10/src/matchpathcon.c.ud 2005-02-17 11:22:46.000000000 -0800
|
|
||||||
+++ libselinux-1.21.10/src/matchpathcon.c 2005-02-20 12:19:39.883094936 -0800
|
|
||||||
@@ -4,6 +4,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include "selinux_internal.h"
|
|
||||||
#include <stdio.h>
|
|
||||||
+#include <stdio_ext.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <errno.h>
|
|
||||||
@@ -401,11 +402,8 @@
|
|
||||||
char *regex, *type, *context;
|
|
||||||
char *anchored_regex;
|
|
||||||
len = strlen(line_buf);
|
|
||||||
- if (line_buf[len - 1] != '\n') {
|
|
||||||
- myprintf("%s: line %d is too long, would be truncated, skipping\n", path, lineno);
|
|
||||||
- return 0;
|
|
||||||
- }
|
|
||||||
- line_buf[len - 1] = 0;
|
|
||||||
+ if (line_buf[len - 1] == '\n')
|
|
||||||
+ line_buf[len - 1] = 0;
|
|
||||||
buf_p = line_buf;
|
|
||||||
while (isspace(*buf_p))
|
|
||||||
buf_p++;
|
|
||||||
@@ -522,7 +520,8 @@
|
|
||||||
FILE *homedirfp;
|
|
||||||
char local_path[PATH_MAX + 1];
|
|
||||||
char homedir_path[PATH_MAX + 1];
|
|
||||||
- char line_buf[BUFSIZ + 1];
|
|
||||||
+ char *line_buf = NULL;
|
|
||||||
+ size_t line_len = 0;
|
|
||||||
unsigned int lineno, pass, i, j, maxnspec;
|
|
||||||
spec_t *spec_copy;
|
|
||||||
int status=-1;
|
|
||||||
@@ -532,12 +531,17 @@
|
|
||||||
path = selinux_file_context_path();
|
|
||||||
if ((fp = fopen(path, "r")) == NULL)
|
|
||||||
return -1;
|
|
||||||
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
|
|
||||||
|
|
||||||
snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path);
|
|
||||||
homedirfp = fopen(homedir_path, "r");
|
|
||||||
+ if (homedirfp != NULL)
|
|
||||||
+ __fsetlocking(homedirfp, FSETLOCKING_BYCALLER);
|
|
||||||
|
|
||||||
snprintf(local_path, sizeof(local_path), "%s.local", path);
|
|
||||||
localfp = fopen(local_path, "r");
|
|
||||||
+ if (localfp != NULL)
|
|
||||||
+ __fsetlocking(localfp, FSETLOCKING_BYCALLER);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Perform two passes over the specification file.
|
|
||||||
@@ -551,19 +555,19 @@
|
|
||||||
for (pass = 0; pass < 2; pass++) {
|
|
||||||
lineno = 0;
|
|
||||||
nspec = 0;
|
|
||||||
- while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) {
|
|
||||||
+ while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {
|
|
||||||
if (process_line(path, line_buf, pass, ++lineno) != 0)
|
|
||||||
goto finish;
|
|
||||||
}
|
|
||||||
if (homedirfp)
|
|
||||||
- while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) {
|
|
||||||
+ while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {
|
|
||||||
if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
|
|
||||||
goto finish;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if (localfp)
|
|
||||||
- while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) {
|
|
||||||
+ while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {
|
|
||||||
if (process_line(local_path, line_buf, pass, ++lineno) != 0)
|
|
||||||
goto finish;
|
|
||||||
}
|
|
||||||
@@ -583,6 +587,7 @@
|
|
||||||
if (localfp) rewind(localfp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ free(line_buf);
|
|
||||||
|
|
||||||
/* Move exact pathname specifications to the end. */
|
|
||||||
spec_copy = malloc(sizeof(spec_t) * nspec);
|
|
||||||
--- libselinux-1.21.10/utils/setsebool.c.ud 2005-02-17 11:22:47.000000000 -0800
|
|
||||||
+++ libselinux-1.21.10/utils/setsebool.c 2005-02-20 12:04:50.001377520 -0800
|
|
||||||
@@ -122,6 +122,7 @@
|
|
||||||
if (permanent) {
|
|
||||||
char **names;
|
|
||||||
const char *bool_file;
|
|
||||||
+ char *tmp_bool_file;
|
|
||||||
int rc, len, fd, j;
|
|
||||||
|
|
||||||
rc = security_get_boolean_names(&names, &len);
|
|
||||||
@@ -143,8 +144,9 @@
|
|
||||||
|
|
||||||
/* Open file */
|
|
||||||
bool_file = selinux_booleans_path();
|
|
||||||
- fd = open(bool_file, O_CREAT | O_TRUNC | O_WRONLY,
|
|
||||||
- S_IRUSR | S_IWUSR);
|
|
||||||
+ tmp_bool_file = (char *) alloca (strlen(bool_file) + 8);
|
|
||||||
+ strcpy(stpcpy(tmp_bool_file, bool_file), ".XXXXXX");
|
|
||||||
+ fd = mkstemp(tmp_bool_file);
|
|
||||||
if (fd < 0) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"Error creating boolean file %s\n",
|
|
||||||
@@ -157,13 +159,25 @@
|
|
||||||
/* Walk the list in pending memory, writing each to the file */
|
|
||||||
for (j=0; j<len; j++) {
|
|
||||||
char val_str[72];
|
|
||||||
+ int len;
|
|
||||||
int pending = security_get_boolean_pending(names[j]);
|
|
||||||
- snprintf(val_str, sizeof(val_str), "%s=%d\n",
|
|
||||||
+ len = snprintf(val_str, sizeof(val_str), "%s=%d\n",
|
|
||||||
names[j], pending);
|
|
||||||
- write(fd, val_str, strlen(val_str));
|
|
||||||
+ if (write(fd, val_str, len) != len) {
|
|
||||||
+ close_remove_fail:
|
|
||||||
+ close(fd);
|
|
||||||
+ remove_fail:
|
|
||||||
+ unlink(tmp_bool_file);
|
|
||||||
+ rollback(list, start, i);
|
|
||||||
+ return 8;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
|
|
||||||
+ goto close_remove_fail;
|
|
||||||
close(fd);
|
|
||||||
+ if (rename(tmp_bool_file, bool_file) != 0)
|
|
||||||
+ goto remove_fail;
|
|
||||||
syslog(LOG_NOTICE, "%s has been updated.", bool_file);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
if (i < 0)
|
||||||
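Review bot: The added guard `if (mode && ((mode & S_IFMT)==0))` silently treats any mode that carries only permission bits as a regular file, so a caller that passes a directory's or symlink's permission bits without the type would be matched against regular-file entries and could be handed the wrong context. The commit description says upstream now has matchpathcon_common ignore non-format bits, which presumably lets such a mode match entries of any type; that disagrees with the default chosen here, and the spec in this commit drops its `#Patch: libselinux-rhat.patch` and `#%patch -p1 -b .rhat` lines, so it is unclear which behaviour is intended. If the default is kept, I would state the contract in the comment, e.g. `/* callers should pass the full st_mode from lstat(); a mode without S_IFMT bits is assumed to be a regular file */`. The function body continues past the last line shown in the hunk.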
|
@ -1,11 +1,10 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 1.21.11
|
Version: 1.21.12
|
||||||
Release: 1
|
Release: 1
|
||||||
License: Public domain (uncopyrighted)
|
License: Public domain (uncopyrighted)
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
#Patch: libselinux-rhat.patch
|
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||||
|
|
||||||
@ -35,7 +34,6 @@ needed for developing SELinux applications.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
#%patch -p1 -b .rhat
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make CFLAGS="-g %{optflags}"
|
make CFLAGS="-g %{optflags}"
|
||||||
@ -86,6 +84,13 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.21.12-1
|
||||||
|
- Update from NSA
|
||||||
|
* Changed matchpathcon_common to ignore any non-format bits in the mode.
|
||||||
|
|
||||||
|
* Mon Feb 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.11-2
|
||||||
|
- Default matchpathcon to regular files if the user specifies a mode
|
||||||
|
|
||||||
* Tue Feb 22 2005 Dan Walsh <dwalsh@redhat.com> 1.21.11-1
|
* Tue Feb 22 2005 Dan Walsh <dwalsh@redhat.com> 1.21.11-1
|
||||||
- Update from NSA
|
- Update from NSA
|
||||||
* Merged several fixes from Ulrich Drepper.
|
* Merged several fixes from Ulrich Drepper.
|
||||||
|