
Bug#249784: marked as done (kdm: Patch for SE/Linux 2.6 Security enhancements)



Your message dated Thu, 4 Mar 2010 14:08:01 -0500
with message-id <9f694b821003041108q24014fe7m724e32d6b6d0e000@mail.gmail.com>
and subject line Closing bug #249784
has caused the Debian Bug report #249784,
regarding kdm: Patch for SE/Linux 2.6 Security enhancements
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
249784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kdm
Severity: wishlist


this is pretty much it, believe it or not.
of course configure --enable-selinux is required (in debian/rules).

the debian package should have --enable-selinux ON by default.

if you are considering _not_ applying this patch, then consider this:
a large number of packages have already accepted, upstream, the
selinux patches, including logrotate and gdm.

therefore, libselinux, like libacl, is pretty much going to become
a part of the base linux install.

also, the patch has ZERO effect on a system which has neither selinux
enabled at boot-time nor selinux compiled/modules _in_ the kernel.


--- client.c.old	2004-05-19 07:40:58.000000000 +0000
+++ kdm/backend/client.c	2004-05-19 07:18:01.000000000 +0000
@@ -44,6 +44,12 @@
 #include <sys/stat.h>
 #include <pwd.h>
 #include <grp.h>
+
+#ifdef WITH_SELINUX
+#include <selinux/get_context_list.h>
+#include <selinux/selinux.h>
+#endif
+
 #ifdef SECURE_RPC
 # include <rpc/rpc.h>
 # include <rpc/key_prot.h>
@@ -1085,6 +1091,24 @@
 	   systemEnviron);
 
     /*
+     * for Security Enhanced Linux,
+     * set the default security context for this user.
+     */
+#ifdef WITH_SELINUX
+   if (is_selinux_enabled())
+   {
+        security_context_t scontext;
+        if (get_default_context(name,NULL,&scontext))
+             LogError("Failed to get default security context for %s.", name);
+        Debug("setting security context to %s", scontext);
+        if (setexeccon(scontext)) {
+             freecon(scontext);
+             LogError("Failed to set exec security context %s for %s.", scontext, name);
+        }
+        freecon(scontext);
+   }
+#endif
+    /*
      * for user-based authorization schemes,
      * add the user to the server's allowed "hosts" list.
      */
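Review bot: In the WITH_SELINUX block a failed get_default_context() is only logged, and execution falls through to Debug() and setexeccon() with scontext, which is declared without an initialiser and is not assigned anywhere else in the hunk, so an indeterminate pointer can be printed, used and then passed to freecon(). The setexeccon() failure branch also calls freecon(scontext) before LogError() formats the same pointer with %s, and the unconditional freecon(scontext) after the branch then frees it a second time. Suggest aborting the login on either failure rather than continuing in kdm's own context, calling LogError() before freeing, and keeping a single freecon() that runs only once the context has been obtained.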
--- configure.in.in.old	2004-05-19 07:43:37.000000000 +0000
+++ configure.in.in	2004-05-19 07:18:15.000000000 +0000
@@ -197,3 +197,23 @@
 #endif
 ])
 
+AC_MSG_CHECKING(for SELinux support)
+AC_ARG_ENABLE(selinux,
+   AC_HELP_STRING([--enable-selinux], [enable SELinux support]),
+   [
+       AC_MSG_RESULT(yes)
+       AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LDFLAGS="-lselinux"
+           AC_DEFINE_UNQUOTED(HAVE_SELINUX_LIB, 1, [Define if libselinux is installed])
+               AC_DEFINE(WITH_SELINUX, 1, [Define if you want wdm to be compiled with SELinux support])
+               SELINUX_CFLAGS="-DWITH_SELINUX -I/usr/include/selinux"
+               ],
+               [
+               AC_MSG_WARN([libselinux not found, compiling without SELinux support])
+               ])
+   ],
+   [
+       AC_MSG_RESULT(no)
+   ])
+AC_SUBST(SELINUX_LDFLAGS)
+AC_SUBST(SELINUX_CFLAGS)
+
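Review bot: The third argument of AC_ARG_ENABLE(selinux, ...) is the action-if-given, which autoconf also runs for --disable-selinux and --enable-selinux=no, so this block prints "yes" and defines WITH_SELINUX in exactly the case where the builder asked for it to be off. Test $enableval inside the action before running AC_CHECK_LIB. When --enable-selinux is given but libselinux is missing, the build only warns and carries on without the feature; AC_MSG_ERROR is the safer choice for an explicitly requested security feature. Smaller points: the AC_DEFINE description says "wdm" rather than kdm, WITH_SELINUX is defined twice (once by AC_DEFINE and once by -DWITH_SELINUX in SELINUX_CFLAGS), and HAVE_SELINUX_LIB is not used by the client.c hunks shown.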
--- Makefile.am.old	2004-05-19 07:46:07.000000000 +0000
+++ kdm/backend/Makefile.am	2004-05-19 07:18:31.000000000 +0000
@@ -8,6 +8,10 @@
     $(LIB_LIBS) $(KRB4_LIBS) $(KRB5_LIBS) $(LIBSOCKET) $(LIBRESOLV) \
     $(LIBUCB) $(LIBUTIL)
 
+CPPFLAGS = $(CPPFLAGS) $(SELINUX_CFLAGS)
+CFLAGS = $(CFLAGS) $(SELINUX_CFLAGS)
+LDFLAGS = $(LDFLAGS) $(SELINUX_LDFLAGS)
+
 bin_PROGRAMS = kdm
 kdm_SOURCES = \
     access.c \
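Review bot: The three added assignments each reference the variable they define (CPPFLAGS = $(CPPFLAGS) $(SELINUX_CFLAGS) and the two that follow), which with a recursive "=" assignment makes GNU make stop with a "Recursive variable references itself" error as soon as the variable is expanded. They also overwrite CPPFLAGS, CFLAGS and LDFLAGS, which automake reserves for the person running the build. Suggest putting $(SELINUX_CFLAGS) in AM_CPPFLAGS and adding the library to the list that ends in $(LIBUTIL) just above, instead of passing -lselinux through LDFLAGS; the flags then do not need to be repeated in CFLAGS.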
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.6-selinux1 #5 Tue May 18 16:33:29 GMT 2004 i686
Locale: LANG=C, LC_CTYPE=C



--- End Message ---
--- Begin Message ---
No answer from submitter. Closing this bug report.
Olivier


--- End Message ---
