From 425e7d2796972f2d6822d94798187f744911888e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sep 19 2009 01:40:53 +0000
Subject: * Fri Sep 18 2009 Dan Walsh 2.0.74-3
- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index fcca135..056d9ea 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1222,8 +1222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-17 15:05:17.000000000 -0400
-@@ -0,0 +1,202 @@
++++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-18 21:38:37.000000000 -0400
+@@ -0,0 +1,207 @@
 +#!/usr/bin/python -E
 +import os, sys, getopt, socket, random, fcntl, shutil
 +import selinux
@@ -1390,7 +1390,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + warnings.resetwarnings()
 + paths = []
 + for i in cmds:
-+ paths.append(os.path.realpath(i))
++ f = os.path.realpath(i)
++ if os.path.exists(f):
++ paths.append(f)
++ else:
++ paths.append(i)
++
 + copyfiles(newhomedir, newtmpdir, init_files + paths)
 + execfile = newhomedir + "/.sandboxrc"
 + fd = open(execfile, "w+")
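Review bot: The new else branch appends the unresolved argument `i` to `paths`, and three lines later the whole list is passed to `copyfiles(newhomedir, newtmpdir, init_files + paths)`, so an argument that is not a file on disk is still handed to copyfiles as a path to copy; whether copyfiles tolerates a missing source is decided outside this hunk. If `paths` exists only to feed copyfiles, the simpler fix is to keep the existence check and drop the else branch so that only real files are copied: `if os.path.exists(f): paths.append(f)`. Note also that `os.path.exists` is true for directories, so a directory argument would now be passed to copyfiles as well. The enclosing function starts and ends outside the hunk.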
@@ -1478,8 +1483,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +done
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-17 15:05:44.000000000 -0400
-@@ -0,0 +1,284 @@
++++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-18 09:58:46.000000000 -0400
+@@ -0,0 +1,265 @@
 +#include
 +#include
 +#include
@@ -1506,33 +1511,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +#include
 +
 +/**
-+ * This function will drop the capabilities so that we are left
-+ * only with access to the audit system and the ability to raise
-+ * CAP_SYS_ADMIN before invoking unshare and mounting a couple of directories.
-+ * These capabilities are needed for performing bind mounts/unmounts
-+ * and to create potential new instance directories with appropriate
-+ * DAC attributes.
-+ *
++ * This function will drop all capabilities
 + * Returns zero on success, non-zero otherwise
 + */
-+static int drop_capabilities(int all, uid_t uid)
++static int drop_capabilities(uid_t uid)
 +{
 + capng_clear(CAPNG_SELECT_BOTH);
 +
-+ if (all) {
-+ if (capng_lock() < 0)
-+ return -1;
-+ /* Change uid */
-+ if (setresuid(uid, uid, uid)) {
-+ fprintf(stderr, "Error changing uid, aborting.\n");
-+ return -1;
-+ }
-+ } else {
-+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, CAP_SETUID, -1) < 0) {
-+ fprintf(stderr, "Error running capng_updatev\n");
-+ return -1;
-+ }
-+ }
++ if (capng_lock() < 0)
++ return -1;
++ /* Change uid */
++ if (setresuid(uid, uid, uid)) {
++ fprintf(stderr, "Error changing uid, aborting.\n");
++ return -1;
 +
 + return capng_apply(CAPNG_SELECT_BOTH);
 +}
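Review bot: The rewritten `drop_capabilities` body in the hunk at -1506 never closes the block opened by `if (setresuid(uid, uid, uid)) {`: the added lines stop at `return -1;` and run straight into the context lines `+` and `return capng_apply(CAPNG_SELECT_BOTH);`, so the function as patched has an unbalanced brace and will not compile. The hunk header's +19 count matches the lines shown, so the brace is absent from the patch rather than lost in formatting. Add `}` after the second `return -1;` as a seventh added line (`++ }`), and update the counts accordingly (`-1506,33 +1511,20` for this hunk, `+1,266` for the inner file header, and the offsets of the later seunshare.c hunks).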
@@ -1626,7 +1617,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + {"tmpdir", 1, 0, 't'},
 + {NULL, 0, 0, 0}
 + };
-+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);
 +
 + uid_t uid = getuid();
 +
@@ -1643,10 +1633,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +
 + if (verify_shell(pwd->pw_shell) == 0) {
 + fprintf(stderr, "Error! Shell is not valid.\n");
-+ }
-+
-+ if (drop_capabilities(FALSE, uid)) {
-+ perror("Failed to drop capabilities");
 + return -1;
 + }
 +
@@ -1710,7 +1696,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + if (tmpdir_s && verify_mount("/tmp", pwd) < 0)
 + return -1;
 +
-+ if (drop_capabilities(TRUE, uid)) {
++ if (drop_capabilities(uid)) {
 + perror("Failed to drop all capabilities");
 + return -1;
 + }
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 811672a..659a822 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@ Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.0.74
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -297,6 +297,10 @@ fi
 exit 0
 
 %changelog
+* Fri Sep 18 2009 Dan Walsh 2.0.74-3
+- Security fixes for seunshare
+- Fix Sandbox to handle non file input to command.
+
 * Thu Sep 17 2009 Dan Walsh 2.0.74-2
 - Security fixes for seunshare
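Review bot: With the early `drop_capabilities(FALSE, uid)` call removed in the hunk at -1643, the only capability drop left is the `drop_capabilities(uid)` call after the mount checks in the hunk at -1710, so everything before it, including `verify_shell` and the `verify_mount` checks, now runs with whatever capability set the process started with rather than the four capabilities the removed call retained; whether that starting set is full root (a setuid install) is not visible here. If the wider window is deliberate because the bind mounts need it, a comment at the remaining call, `/* The mounts above need the full capability set; drop everything and switch uid only now. */`, would make the privilege window explicit to the next reader, who otherwise sees the narrowing removed with no replacement. The enclosing function starts and ends outside these hunks.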