Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 153687 - seuser command segfaults
Summary: seuser command segfaults
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: setools
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-04-05 01:08 UTC by Stephen Gardner
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-12 18:15:49 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Stephen Gardner 2005-04-05 01:08:23 UTC
Description of problem:
When seuser command is run with various switches command segfaults

Version-Release number of selected component (if applicable):
[ i386 (clean install, no packages changed from default) ]
[ i386 (patched up2date) ]
[ x86_64 (patched up2date) ]

How reproducible:
With and without X running.
As a root and non-root user.

Steps to Reproduce:
seuser -h
seuser version

Actual results:
[root@server1 ~]# seuser version
Segmentation fault

[root@server1 ~]# seuser -h
Segmentation fault

The same occurs with non-sense input after the command name for example

[root@netserver-new setools]# seuser 1234567890
Segmentation fault
[root@netserver-new setools]# seuser foobarfoobar
Segmentation fault

Expected results:
Command displays help / version string / exits normally etc

Additional info:
I freely admit I know little about SElinux sub-system or its operation but this
seems too fundamental to overlook and worth reporting.

I note that the setools-1.5.1-5 SRPM  does include the patch from Bugzilla Bug
138297 which on initial inspection seemed similar.

Comment 1 Daniel Walsh 2005-04-07 15:10:37 UTC
seuser is not intended to be used in targeted policy, only strict.  But I have
prepared a fix on

This should go into U2 since U1 is already frozen.

Please try it out.

Comment 2 Stephen Gardner 2005-04-07 15:42:45 UTC
I can confirm that seuser from the (-5.1 release rpm you provided) now exits
cleanly on RHEL4-U0 (i386 and x86_86) with valid and invalid command line
switches passed to it.

Thanks for the note regarding its intended usage on strict policy systems which
I was unaware of.

Comment 3 Daniel Walsh 2005-04-07 15:54:50 UTC
The main use of seuser is to manipulate the user database, similarly to useradd,
userdel ...

It's main difference is that it will also manipulate the roles database of
SELinux.  roles are not really used in targeted policy.  We also intend to move
the ability to manipulate roles into useradd and friends in the future.  This
mechanism will be different then seuser since it will not require that policy
sources be installed.


Note You need to log in before you can comment on or make changes to this bug.