Bug#249784: closed by Olivier Vitrat <ovit.debian@gmail.com> (Closing bug #249784)

To: 249784@bugs.debian.org
Subject: Bug#249784: closed by Olivier Vitrat <ovit.debian@gmail.com> (Closing bug #249784)
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Thu, 4 Mar 2010 19:55:46 +0000
Message-id: <[🔎] ced5f0f61003041155v71018246y18f9cf5396cc7bf6@mail.gmail.com>
Reply-to: Luke Kenneth Casson Leighton <lkcl@lkcl.net>, 249784@bugs.debian.org
In-reply-to: <handler.249784.D249784.126772968724329.notifdone@bugs.debian.org>
References: <9f694b821003041108q24014fe7m724e32d6b6d0e000@mail.gmail.com> <E1BQLrz-0006Jw-83@lkcl.net> <handler.249784.D249784.126772968724329.notifdone@bugs.debian.org>

sorry, oliver: in order to solicit an answer, an actual question has
to be asked.  no question was asked, therefore of course there was no
fricking answer.  so - what was the question?

On Thu, Mar 4, 2010 at 7:09 PM, Debian Bug Tracking System
<owner@bugs.debian.org> wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the kdm package:
>
> #249784: kdm: Patch for SE/Linux 2.6 Security enhancements
>
> It has been closed by Olivier Vitrat <ovit.debian@gmail.com>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Olivier Vitrat <ovit.debian@gmail.com> by
> replying to this email.
>
>
> --
> 249784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
>
>
> ---------- Forwarded message ----------
> From: Olivier Vitrat <ovit.debian@gmail.com>
> To: 249784-done@bugs.debian.org
> Date: Thu, 4 Mar 2010 14:08:01 -0500
> Subject: Closing bug #249784
> No answer from submitter. Closing this bug report.
> Olivier
>
>
>
> ---------- Forwarded message ----------
> From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
> To: Debian Bug Tracking System <submit@bugs.debian.org>
> Date: Wed, 19 May 2004 07:52:07 +0000
> Subject: kdm: Patch for SE/Linux 2.6 Security enhancements
> Package: kdm
> Severity: wishlist
>
>
> this is pretty much it, believe it or not.
> of course configure --enable-selinux is required (in debian/rules).
>
> the debian package should have --enable-selinux ON by default.
>
> if you are considering _not_ applying this patch, then consider this:
> a large number of packages have already accepted, upstream, the
> selinux patches, including logrotate and gdm.
>
> therefore, libselinux, like libacl, is pretty much going to become
> a part of the base linux install.
>
> also, the patch has ZERO effect on a system which has neither selinux
> enabled at boot-time nor selinux compiled/modules _in_ the kernel.
>
>
> --- client.c.old        2004-05-19 07:40:58.000000000 +0000
> +++ kdm/backend/client.c        2004-05-19 07:18:01.000000000 +0000
> @@ -44,6 +44,12 @@
>  #include <sys/stat.h>
>  #include <pwd.h>
>  #include <grp.h>
> +
> +#ifdef WITH_SELINUX
> +#include <selinux/get_context_list.h>
> +#include <selinux/selinux.h>
> +#endif
> +
>  #ifdef SECURE_RPC
>  # include <rpc/rpc.h>
>  # include <rpc/key_prot.h>
> @@ -1085,6 +1091,24 @@
>           systemEnviron);
>
>     /*
> +     * for Security Enhanced Linux,
> +     * set the default security context for this user.
> +     */
> +#ifdef WITH_SELINUX
> +   if (is_selinux_enabled())
> +   {
> +        security_context_t scontext;
> +        if (get_default_context(name,NULL,&scontext))
> +             LogError("Failed to get default security context for %s.", name);
> +        Debug("setting security context to %s", scontext);
> +        if (setexeccon(scontext)) {
> +             freecon(scontext);
> +             LogError("Failed to set exec security context %s for %s.", scontext, name);
> +        }
> +        freecon(scontext);
> +   }
> +#endif
> +    /*
>      * for user-based authorization schemes,
>      * add the user to the server's allowed "hosts" list.
>      */
> --- configure.in.in.old 2004-05-19 07:43:37.000000000 +0000
> +++ configure.in.in     2004-05-19 07:18:15.000000000 +0000
> @@ -197,3 +197,23 @@
>  #endif
>  ])
>
> +AC_MSG_CHECKING(for SELinux support)
> +AC_ARG_ENABLE(selinux,
> +   AC_HELP_STRING([--enable-selinux], [enable SELinux support]),
> +   [
> +       AC_MSG_RESULT(yes)
> +       AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LDFLAGS="-lselinux"
> +           AC_DEFINE_UNQUOTED(HAVE_SELINUX_LIB, 1, [Define if libselinux is installed])
> +               AC_DEFINE(WITH_SELINUX, 1, [Define if you want wdm to be compiled with SELinux support])
> +               SELINUX_CFLAGS="-DWITH_SELINUX -I/usr/include/selinux"
> +               ],
> +               [
> +               AC_MSG_WARN([libselinux not found, compiling without SELinux support])
> +               ])
> +   ],
> +   [
> +       AC_MSG_RESULT(no)
> +   ])
> +AC_SUBST(SELINUX_LDFLAGS)
> +AC_SUBST(SELINUX_CFLAGS)
> +
> --- Makefile.am.old     2004-05-19 07:46:07.000000000 +0000
> +++ kdm/backend/Makefile.am     2004-05-19 07:18:31.000000000 +0000
> @@ -8,6 +8,10 @@
>     $(LIB_LIBS) $(KRB4_LIBS) $(KRB5_LIBS) $(LIBSOCKET) $(LIBRESOLV) \
>     $(LIBUCB) $(LIBUTIL)
>
> +CPPFLAGS = $(CPPFLAGS) $(SELINUX_CFLAGS)
> +CFLAGS = $(CFLAGS) $(SELINUX_CFLAGS)
> +LDFLAGS = $(LDFLAGS) $(SELINUX_LDFLAGS)
> +
>  bin_PROGRAMS = kdm
>  kdm_SOURCES = \
>     access.c \
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386
> Kernel: Linux highfield 2.6.6-selinux1 #5 Tue May 18 16:33:29 GMT 2004 i686
> Locale: LANG=C, LC_CTYPE=C
>
>
>
>

Reply to:

Prev by Date: Processed (with 1 errors): set/unset tags
Next by Date: Bug#547250: closed by Olivier Vitrat
Previous by thread: Processed (with 1 errors): set/unset tags
Next by thread: Bug#547250: closed by Olivier Vitrat
Index(es):
- Date
- Thread