Bug#516966: openssh: Bug confirmed, patch confirmed
Package: openssh
Version: 1:5.1p1-5
Severity: important
Hi!
I am afraid the bug still persists. The already attached (by Vaclav Ovsik)
patch fixes the bug for me.
To me the bug is important as it rendered remote access unusable. As far
as "badly configured SE Linux" (from this bugs subject) is concerned, I am
not aware of anything "bad" around here. I am SE Linux novice for shure,
but I did not hack around much (only one pp added, not about ssh, made by
audit2allow) and used only official debian documentation (the wiki about
SE Linux: http://wiki.debian.org/SELinux, with Fedora Core FAQ). I am
pretty shure that some or the other filesystems has been relabeled. Which
type should /usr/sbin/sshd have, btw.
Though the original post mentions some command to chcon the type of the
sshd executeable, it makes no difference for my system (permissive state,
see below) if I change that. The segmentation fault by sshd stays the
same regardless whether you use file_t or bin_t.
Last but not least this could be a seen as regression as I think debian
bug #430838 might be quite the same thing in respect of the outcome (ssh
login blocked). Of course the true cause was quite different with that
bug. I just stumbled over the rating of "grave" which was used there.
Anyway. Thanks for the patch! Please include upstream or in debian soon.
Kind regards,
Philipp
-- SE Linux Information:
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 23
Policy from config file: default
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Reply to: