package pam-0.99.7.1 pam_selinux.so doesn't support seusers

Bug #187822 reported by Caleb Case on 2008-01-31
4
Affects Status Importance Assigned to Milestone
pam (Debian)
Fix Released
Unknown
pam (Ubuntu)
Undecided
Unassigned

Bug Description

The version of pam_selinux.c in pam 0.99.7.1 is using an old method for determining contexts. Because of this it does not correctly handle the seusers configuration. This was fixed in upstream on 6/15/07 and has been in pam releases starting with 99.8. Most policies use the seusers feature and without it proper support for SELinux won't be possible in Hardy (specifically, login security contexts will not be correct). I've attached an updated source package (which is also available in my PPA https://launchpad.net/~calebcase/+archive). This is related to a bug in Debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451722.

Thanks,

Caleb

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"

Source package:

pam_0.99.7.1-5ubuntu3

Binary package:

+++-====================================-===========================-============================================
ii libpam-modules 0.99.7.1-5ubuntu3 Pluggable Authentication Modules for PAM

Related branches

Caleb Case (calebcase) wrote :
Caleb Case (calebcase) wrote :
Changed in pam:
status: Unknown → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pam - 0.99.7.1-5ubuntu4

---------------
pam (0.99.7.1-5ubuntu4) hardy; urgency=low

  * ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support
    seusers (backported from changes in PAM 0.99.8). Without this patch
    login will not get correct security context when using libselinux
    >= 1.27.2 (LP: #187822).

 -- Caleb Case <email address hidden> Wed, 30 Jan 2008 06:39:48 -0500

Changed in pam:
status: New → Fix Released
Changed in pam:
status: Confirmed → Fix Committed
Changed in pam:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.