lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 08 Aug 2012 09:58:36 -0700
From:	John Johansen <john.johansen@...onical.com>
To:	"Serge E. Hallyn" <serge@...lyn.com>
CC:	Paul Moore <paul@...l-moore.com>,
	John Stultz <john.stultz@...aro.org>,
	lkml <linux-kernel@...r.kernel.org>,
	James Morris <james.l.morris@...cle.com>, selinux@...ho.nsa.gov
Subject: Re: NULL pointer dereference in selinux_ip_postroute_compat

On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@...l-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@...aro.org> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>>
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@...aro.org>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>>
>>>> NOTE: Adding the SELinux list to the CC line
>>>
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>>> could you share what distribution you are using?
>>>
>>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>>
>>> I just mean that, being Ubuntu,  the system (userland) isn't configured to
>>> use selinux.  SELinux is just enabled in the kernel config.
>>
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd.  Anything non-standard about
>> your guest install or anything else you think might be helpful?
> 
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
> 
> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
> set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran?  Weird.
> 
Its not an Ubuntu kernel. The config has selinux set as the only LSM and
it is configured to be on by default

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists