[rsbac] Medium Bugfix 1.2.4-7

Amon Ott ao at rsbac.org
Tue Jul 12 09:19:43 CEST 2005


7. General/2.6 kernels: Fix rare file lookup failures with symlink 
redirection enabled.

    * Urgency: Medium.
    * What you see: In some rare cases, filenames cannot be looked up 
correctly, and a file not found error gets returned. This only 
happens on 2.6 kernels with ext2 or ext3 and if symlink redirection 
has been enabled.
    * What is wrong: Newer 2.6 kernels violate the filesystem layering 
by directly using a pointer to ext2/ext3 internal data from virtual 
filesystem switch instead of copying the string content. RSBAC 
symlink redirection replaces the string by a possibly redirected 
temporary string, which gets freed after use. When the higher layer 
uses the direct pointer, the string is no longer valid and its 
content might have been changed by another memory user.
    * Implications: Random programs might fail or produce weird 
results, because they cannot read other files.
    * RSBAC versions affected: 1.2.4.
    * Bugtracker issue: none.
    * What you should do: Apply the patch for 2.6 (MD5 / GnuPG Cert) 
or the patch for 2.4 (MD5 / GnuPG Cert) to get the bug corrected and 
to avoid unnecessary string allocations, recompile the kernel, 
reinstall and reboot.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : rsbac-bugfix-v1.2.4-7-2.4.diff
Dateityp    : text/x-diff
Dateigröße  : 18201 bytes
Beschreibung: nicht verfügbar
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050712/6559b9ee/rsbac-bugfix-v1.2.4-7-2.4-0001.bin
-------------- nächster Teil --------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBCxRY8q9yn6h5RTo8RAjMvAJ46ABlWXN37FSbz9APAUP7FKXy/EQCfV93G
sod1TT0PrNh7DKQ7P6Q1urk=
=Xnad
-----END PGP SIGNATURE-----
-------------- nächster Teil --------------
93f5c2f4876ec5c714dbab6080717ff3  rsbac-bugfix-v1.2.4-7-2.4.diff
-------------- nächster Teil --------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBCxRZCq9yn6h5RTo8RAo61AJ0RfoXHhG6zErqnIqyy0MZKILf4xwCcCGul
NyH5ZQU5BIQBdzjrxXdXlaQ=
=cXJk
-----END PGP SIGNATURE-----
-------------- nächster Teil --------------
e927f626190fefdf6cc4db2c93391d18  rsbac-bugfix-v1.2.4-7-2.6.diff
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : rsbac-bugfix-v1.2.4-7-2.6.diff
Dateityp    : text/x-diff
Dateigröße  : 15706 bytes
Beschreibung: nicht verfügbar
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050712/6559b9ee/rsbac-bugfix-v1.2.4-7-2.6-0001.bin


More information about the rsbac mailing list