Linux Archive


Sven Vermeulen 07-21-2011 10:06 AM

SELinux bughunt
 
Hi guys,

The SELinux bugs are "piling" up but most of them are resolved and I'd like to
use the STATUS field to keep track of which bugs are actually still open...

Considering the available states in the status field in bugzilla, I think it
is a nice idea to say:

UNCONFIRMED = reported, not taken up
CONFIRMED = reported and considered valid
IN_PROGRESS = taken up by a developer, fix might be available (ask developer)
RESOLVED = fix available, waiting QA. Fix might be in hardened-dev.git
or another overlay
VERIFIED = fix available and accepted. Fix might be in ~arch
FIXED = fix available and in portage tree "arch" status

I know it looks like some bureaucratic nonsense for some, but at least that
allows poor developers like me to see which bugs are still open for grabs,
which are awaiting stabilization, which still need to be pushed to portage
tree, etc.

Considering the above (but also recent updates and fixes), the following
bugs need to be altered. Perhaps someone can take care of this for me?

#283274 - Mark as FIXED
#134129 - Mark as WONTFIX (we do not support SELinux and PPC)
#274239 - Mark as FIXED
#306393 - Mark as VERIFIED
#257111 - Mark as VERIFIED
#275085 - Mark as RESOLVED
#211374 - Mark as IN_PROGRESS
#368795 - Mark as RESOLVED
#365761 - Mark as CONFIRMED
#370765 - Mark as RESOLVED NEEDINFO + comment that the bug needs to be reopened then
#371831 - Mark as RESOLVED
#369089 - Mark as VERIFIED
#371425 - Mark as VERIFIED
#374991 - Mark as FIXED
#375475 - Mark as CONFIRMED
#375617 - Mark as IN_PROGRESS
#373381 - Mark as CONFIRMED

Thanks in advance.

Wkr,
Sven Vermeulen

"Chris Richards" 07-21-2011 01:47 PM

SELinux bughunt
 
On Thu, July 21, 2011 5:06 am, Sven Vermeulen wrote:
> Hi guys,
>
> The SELinux bugs are "piling" up but most of them are resolved and I'd like to
> use the STATUS field to keep track of which bugs are actually still open...
>
> Considering the available states in the status field in bugzilla, I think it
> is a nice idea to say:

Is there not already a standard definition of what these statuses mean?
If so, why not use that, rather than defining our own definitions within
the SELinux team?

Later,
Gizmo

Sven Vermeulen 07-21-2011 01:55 PM

SELinux bughunt
 
On Thu, Jul 21, 2011 at 3:47 PM, Chris Richards <gizmo@giz-works.com> wrote:

> Is there not already a standard definition of what these statuses mean?
> If so, why not use that, rather than defining our own definitions within
> the SELinux team?

There is, and the definition I gave earlier matches on it. Problem is that the definitions are ambiguous.

Wkr,
Sven Vermeulen

"Anthony G. Basile" 07-22-2011 10:37 AM

SELinux bughunt
 

On 07/21/2011 06:06 AM, Sven Vermeulen wrote:
> Hi guys,
>
> The SELinux bugs are "piling" up but most of them are resolved and I'd like to
> use the STATUS field to keep track of which bugs are actually still open...
>
> Considering the available states in the status field in bugzilla, I think it
> is a nice idea to say:
>
> UNCONFIRMED = reported, not taken up
> CONFIRMED = reported and considered valid
> IN_PROGRESS = taken up by a developer, fix might be available (ask developer)
> RESOLVED = fix available, waiting QA. Fix might be in hardened-dev.git
> or another overlay
> VERIFIED = fix available and accepted. Fix might be in ~arch
> FIXED = fix available and in portage tree "arch" status
>
> I know it looks like some bureaucratic nonsense for some, but at least that
> allows poor developers like me to see which bugs are still open for grabs,
> which are awaiting stabilization, which still need to be pushed to portage
> tree, etc.
>
> Considering the above (but also recent updates and fixes), the following
> bugs need to be altered. Perhaps someone can take care of this for me?
>
> #283274 - Mark as FIXED
> #134129 - Mark as WONTFIX (we do not support SELinux and PPC)
> #274239 - Mark as FIXED
> #306393 - Mark as VERIFIED
> #257111 - Mark as VERIFIED
> #275085 - Mark as RESOLVED
> #211374 - Mark as IN_PROGRESS
> #368795 - Mark as RESOLVED
> #365761 - Mark as CONFIRMED
> #370765 - Mark as RESOLVED NEEDINFO + comment that the bug needs to be reopened then
> #371831 - Mark as RESOLVED
> #369089 - Mark as VERIFIED
> #371425 - Mark as VERIFIED
> #374991 - Mark as FIXED
> #375475 - Mark as CONFIRMED
> #375617 - Mark as IN_PROGRESS
> #373381 - Mark as CONFIRMED
>
> Thanks in advance.
>
> Wkr,
> Sven Vermeulen

I'll get them.



--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

d hee 07-22-2011 02:27 PM

SELinux bughunt
 
Hello,

Bug #283274 is NOT FIXED. I just updated my system last night and I got a segment fault with trying to encrypt a partition in luks format. Not only that, but I used to copy the patch and patch the ebuild to overcome this. For some strange reason, the patch no longer works. In addition, it would have been nice if the patch was included in the original ebuild as it will be a long time before glibc-12.3-r2 will be unmasked. I have posted the results in the bug report.


Thank you,
-Darin Hensley





----- Original Message -----
From: Anthony G. Basile <basile@opensource.dyc.edu>
To: gentoo-hardened@lists.gentoo.org
Cc:
Sent: Friday, July 22, 2011 5:37 AM
Subject: Re: [gentoo-hardened] SELinux bughunt


On 07/21/2011 06:06 AM, Sven Vermeulen wrote:
> Hi guys,
>
> The SELinux bugs are "piling" up but most of them are resolved and I'd like to
> use the STATUS field to keep track of which bugs are actually still open...
>
> Considering the available states in the status field in bugzilla, I think it
> is a nice idea to say:
>
> UNCONFIRMED = reported, not taken up
> CONFIRMED = reported and considered valid
> IN_PROGRESS = taken up by a developer, fix might be available (ask developer)
> RESOLVED = fix available, waiting QA. Fix might be in hardened-dev.git
> or another overlay
> VERIFIED = fix available and accepted. Fix might be in ~arch
> FIXED = fix available and in portage tree "arch" status
>
> I know it looks like some bureaucratic nonsense for some, but at least that
> allows poor developers like me to see which bugs are still open for grabs,
> which are awaiting stabilization, which still need to be pushed to portage
> tree, etc.
>
> Considering the above (but also recent updates and fixes), the following
> bugs need to be altered. Perhaps someone can take care of this for me?
>
> #283274 - Mark as FIXED
> #134129 - Mark as WONTFIX (we do not support SELinux and PPC)
> #274239 - Mark as FIXED
> #306393 - Mark as VERIFIED
> #257111 - Mark as VERIFIED
> #275085 - Mark as RESOLVED
> #211374 - Mark as IN_PROGRESS
> #368795 - Mark as RESOLVED
> #365761 - Mark as CONFIRMED
> #370765 - Mark as RESOLVED NEEDINFO + comment that the bug needs to be reopened then
> #371831 - Mark as RESOLVED
> #369089 - Mark as VERIFIED
> #371425 - Mark as VERIFIED
> #374991 - Mark as FIXED
> #375475 - Mark as CONFIRMED
> #375617 - Mark as IN_PROGRESS
> #373381 - Mark as CONFIRMED
>
> Thanks in advance.
>
> Wkr,
> Sven Vermeulen

I'll get them.



--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Sven Vermeulen 07-22-2011 03:08 PM

SELinux bughunt
 
On Fri, Jul 22, 2011 at 07:27:23AM -0700, d hee wrote:
> Bug #283274 is NOT FIXED. I just updated my system last night and I got a
> segment fault with trying to encrypt a partition in luks format. Not only
> that, but I used to copy the patch and patch the ebuild to overcome this.
> For some strange reason, the patch no longer works. In addition, it would
> have been nice if the patch was included in the original ebuild as it will
> be a long time before glibc-12.3-r2 will be unmasked. I have posted the
> results in the bug report.

Bug #283274 is about app-admin/setools-3.3.6 not being able to be built,
which was confirmed fixed by the reporter. It doesn't talk about encryption
or luks.

I guess you mean bug #361911, which is about cryptsetup. This one is still
open.

Wkr,
Sven Vermeulen

d hee 07-22-2011 06:07 PM

SELinux bughunt
 
No, Bug #283274 is about segmentation fault when encrypting a Luks partition :


From the original poster:

"
Trying to run the following command always results in the following:

luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0

WARNING!
========
This will overwrite data on /dev/md0 irrevocably. Are you sure? (Type uppercase yes): YES
Segmentation fault (core dumped)

I have two nearly identical systems (CPU,Mobo,etc) one running gentoo-sources
(phoenix) and hardened-sources (luffy).

Reproducible: Always

Steps to Reproduce:
1. luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0
2. Type "YES"
3. View segfault

Actual Results:
luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0

WARNING!
========
This will overwrite data on /dev/md0 irrevocably. Are you sure? (Type uppercase yes): YES
Segmentation fault (core dumped)"


This was dated back in 2009. Then a patch fixed the problem. But the patch no longer works. This happened on my system last night after a rebuild from a world update.

Thank you,
Darin







----- Original Message -----
From: Sven Vermeulen <sven.vermeulen@siphos.be>
To: gentoo-hardened@lists.gentoo.org
Cc:
Sent: Friday, July 22, 2011 10:08 AM
Subject: Re: [gentoo-hardened] SELinux bughunt

On Fri, Jul 22, 2011 at 07:27:23AM -0700, d hee wrote:
> Bug #283274 is NOT FIXED. I just updated my system last night and I got a
> segment fault with trying to encrypt a partition in luks format. Not only
> that, but I used to copy the patch and patch the ebuild to overcome this.
> For some strange reason, the patch no longer works. In addition, it would
> have been nice if the patch was included in the original ebuild as it will
> be a long time before glibc-12.3-r2 will be unmasked. I have posted the
> results in the bug report.

Bug #283274 is about app-admin/setools-3.3.6 not being able to be built,
which was confirmed fixed by the reporter. It doesn't talk about encryption
or luks.

I guess you mean bug #361911, which is about cryptsetup. This one is still
open.

Wkr,
Sven Vermeulen

"Anthony G. Basile" 07-22-2011 07:33 PM

SELinux bughunt
 
On 07/22/2011 02:07 PM, d hee wrote:
> No, Bug #283274 is about segmentation fault when encrypting a Luks partition :

Please look at the following links:

https://bugs.gentoo.org/show_bug.cgi?id=283274

https://bugs.gentoo.org/show_bug.cgi?id=283470



--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

