selinux.vger.kernel.org archive mirror
From: Dominick Grift <dominick.grift@defensec.nl>
To: selinux@vger.kernel.org
Subject: Re: Bash 5 change in behavior and SELinux
Date: Sun, 24 Feb 2019 18:39:44 +0100
Message-ID: <20190224173944.GA18551@brutus.lan>
In-Reply-To: <20190224165919.GA4310@brutus.lan>

On Sun, Feb 24, 2019 at 05:59:19PM +0100, Dominick Grift wrote:
> Recently Bash-5 appeared in the Fedora repositories and I instantly noticed an unpleasant change (for the record: this did not happen before):

I suppose this is just a "feature" or a "bug" in Bash-5 and that I will just have to deal with it. Just seems a bit unnecessary access to me.

> 
> [kcinimod@brutus ~]$ touch mytest1.test
> [kcinimod@brutus ~]$ rm ~/*.test
> rm: cannot remove '/home/kcinimod/*.test': No such file or directory
> [kcinimod@brutus ~]$ rm ~/mytest1.test
> [kcinimod@brutus ~]$ echo $?
> 0
> 
> After running `semodule -DB` the following AVC denials surfaced:
> 
> avc:  denied  { read } for  pid=2178 comm="bash" name="/" dev="dm-3" ino=2 scontext=wheel.id:wheel.role:wheel.subj:s0 tcontext=sys.id:sys.role:files.home.file:s0 tclass=dir permissive=1
> avc:  denied  { read } for  pid=2178 comm="bash" name="/" dev="dm-1" ino=2 scontext=wheel.id:wheel.role:wheel.subj:s0 tcontext=sys.id:sys.role:fs.rootfs.fs:s0 tclass=dir permissive=1
> 
> So I took to #bash and they told me:
> 
> 17:43 <_abc_> grift: that is exactly what you see on android and is
>               a direct result of the missing x bit equivalent in
>               the selinux policy
> 
> 17:44 <_abc_> grift: rephrased: globbing the * requires the x bit
>               set
> 17:44 <_abc_> (it's equivalent in selinux policy)
> 
> So why does this show up as a "read"? It's allowed to "search" "/" and "/home", but since Bash 5 this no longer is enough.
> 
> Scripts break everywhere because of this.
> 
> Here is an strace:
> 
> execve("/usr/bin/rm", ["rm", "/home/kcinimod/*.test"], 0x7ffd4a604e68 /* 33 vars */) = 0
> brk(NULL)                               = 0x55fd172f2000
> arch_prctl(0x3001 /* ARCH_??? */, 0x7ffd55284d40) = -1 EINVAL (Invalid argument)
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=73196, ...}) = 0
> mmap(NULL, 73196, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f2000
> close(3)                                = 0
> openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@@\2\0\0\0\0\0"..., 832) = 832
> lseek(3, 792, SEEK_SET)                 = 792
> read(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0's\373BN\237-\352\fHBW\214\275t\225"..., 68) = 68
> fstat(3, {st_mode=S_IFREG|0755, st_size=5591560, ...}) = 0
> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce3e2f0000
> lseek(3, 792, SEEK_SET)                 = 792
> read(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0's\373BN\237-\352\fHBW\214\275t\225"..., 68) = 68
> lseek(3, 864, SEEK_SET)                 = 864
> read(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32) = 32
> mmap(NULL, 1857568, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fce3e12a000
> mprotect(0x7fce3e14c000, 1679360, PROT_NONE) = 0
> mmap(0x7fce3e14c000, 1363968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7fce3e14c000
> mmap(0x7fce3e299000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16f000) = 0x7fce3e299000
> mmap(0x7fce3e2e6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bb000) = 0x7fce3e2e6000
> mmap(0x7fce3e2ec000, 14368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fce3e2ec000
> close(3)                                = 0
> arch_prctl(ARCH_SET_FS, 0x7fce3e2f1580) = 0
> mprotect(0x7fce3e2e6000, 16384, PROT_READ) = 0
> mprotect(0x55fd17129000, 4096, PROT_READ) = 0
> mprotect(0x7fce3e32e000, 4096, PROT_READ) = 0
> munmap(0x7fce3e2f2000, 73196)           = 0
> brk(NULL)                               = 0x55fd172f2000
> brk(0x55fd17313000)                     = 0x55fd17313000
> brk(NULL)                               = 0x55fd17313000
> openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0
> read(3, "# Locale name alias data base.\n#"..., 4096) = 2997
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=368, ...}) = 0
> mmap(NULL, 368, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e32d000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=26398, ...}) = 0
> mmap(NULL, 26398, PROT_READ, MAP_SHARED, 3, 0) = 0x7fce3e2fd000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0
> mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2fc000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
> mmap(NULL, 59, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2fb000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=167, ...}) = 0
> mmap(NULL, 167, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2fa000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=77, ...}) = 0
> mmap(NULL, 77, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f9000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
> mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f8000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=57, ...}) = 0
> mmap(NULL, 57, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f7000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=286, ...}) = 0
> mmap(NULL, 286, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f6000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=2586242, ...}) = 0
> mmap(NULL, 2586242, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3deb2000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=3284, ...}) = 0
> mmap(NULL, 3284, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f5000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=54, ...}) = 0
> mmap(NULL, 54, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3e2f4000
> close(3)                                = 0
> openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=337024, ...}) = 0
> mmap(NULL, 337024, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fce3de5f000
> close(3)                                = 0
> ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
> newfstatat(AT_FDCWD, "/home/kcinimod/*.test", 0x55fd172f88e8, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
> geteuid()                               = 1000
> newfstatat(AT_FDCWD, "/home/kcinimod/*.test", 0x7ffd55284a60, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> write(2, "rm: ", 4rm: )                     = 4
> write(2, "cannot remove '/home/kcinimod/*."..., 37cannot remove '/home/kcinimod/*.test') = 37
> openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> write(2, ": No such file or directory", 27: No such file or directory) = 27
> write(2, "\n", 1
> )                       = 1
> lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
> close(0)                                = 0
> close(1)                                = 0
> close(2)                                = 0
> exit_group(1)                           = ?
> +++ exited with 1 +++
> 
> -- 
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
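The two AVC records quoted above are the whole story: the denied permission on the `dir` class is `read` (listing the directory's entries), not `search` (looking up one component by name), which is why having `search` on "/" and "/home" does not cover expanding `~/*.test`. The following is an added example, not code from this thread or from the DSSP policy: a small parser that turns AVC lines into structured records, notes whether the denial was actually enforced (`permissive=1` means it was only logged), and merges denials into the `allow` rules a policy author would have to consider. The sample input is the two AVC lines from the message, embedded here as constructed test data; the type names (`wheel.subj`, `files.home.file`, `fs.rootfs.fs`) come from those lines.

```python
import re
from collections import defaultdict

# Sample input: the two AVC records from the message above, embedded here
# so the example runs offline.
SAMPLE_AVC = """\
avc:  denied  { read } for  pid=2178 comm="bash" name="/" dev="dm-3" ino=2 scontext=wheel.id:wheel.role:wheel.subj:s0 tcontext=sys.id:sys.role:files.home.file:s0 tclass=dir permissive=1
avc:  denied  { read } for  pid=2178 comm="bash" name="/" dev="dm-1" ino=2 scontext=wheel.id:wheel.role:wheel.subj:s0 tcontext=sys.id:sys.role:fs.rootfs.fs:s0 tclass=dir permissive=1
"""

# "avc:  denied  { read write }" -> decision and the permission set in braces.
_PERMS_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")
# key=value pairs; values are either a double-quoted string or a bare token.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_avc(line):
    """Parse one AVC line into a dict, or return None if it is not an AVC record."""
    m = _PERMS_RE.search(line)
    if not m:
        return None
    rec = {"decision": m.group(1), "perms": set(m.group(2).split())}
    for key, val in _KV_RE.findall(line[m.end():]):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx):
    """Extract the type from a user:role:type[:range] security context."""
    return ctx.split(":")[2]


def was_enforced(rec):
    """True if the kernel actually blocked the access (not a permissive-mode log-only denial)."""
    return rec["decision"] == "denied" and rec.get("permissive") != "1"


def summarize(text):
    """Group denials by (source type, target type, class) and union their permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["decision"] != "denied":
            continue
        key = (context_type(rec["scontext"]), context_type(rec["tcontext"]), rec["tclass"])
        rules[key] |= rec["perms"]
    return dict(rules)


def te_rules(text):
    """Render the merged denials as TE allow rules, in the style audit2allow would print."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(summarize(text).items())
    ]


if __name__ == "__main__":
    for line in SAMPLE_AVC.splitlines():
        rec = parse_avc(line)
        # Both sample denials are on class "dir" with permission "read": a directory
        # listing (readdir), which "search" on the parent directories does not grant.
        print(rec["comm"], rec["tclass"], sorted(rec["perms"]),
              "enforced" if was_enforced(rec) else "permissive (logged only)")
    for rule in te_rules(SAMPLE_AVC):
        print(rule)
```

Whether the rules it prints should actually be added is a policy decision, not something the tool can make: here they would grant every `wheel.subj` process a listing of "/" and of home directories' parents just so a glob can expand, which is exactly the "unnecessary access" the message objects to. The grouping is still useful for seeing at a glance how many distinct rules a Bash change like this would require.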
