Package: coreutils
Version: 8.32-4+b1
Severity: normal

Dear Maintainer,

The strace for runcon -c true true (after a > true) contains
  getxattr("true", "security.selinux", "unconfined_u:object_r:user_tmp_t", 255) = 36
  execve("/usr/local/sbin/true", ["true", "true"]) = -1 ENOENT
  execve("/usr/local/bin/true", ["true", "true"]) = -1 ENOENT
  execve("/sbin/true", ["true", "true"]) = -1 ENOENT
  execve("/bin/true", ["true", "true"]) = 0

This corresponds to getfscon("true"), execvp("true", ["true", NULL]).
(of course, this also errors if ./true doesn't exist).

So, uh: is this intentional? It certainly feels wrong? All invocations
take a PATH executable except this one which takes a PATH executable
that must *also* be a valid file? And also invites a trivial trojan
because the precomputed transition is to the file in the cwd, but the
program executed lives somewhere in PATH? Should -c just execv()
instead? Am I misunderstanding the usefulness of this?

Best,
наб

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-15-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1      2.2.53-10
ii  libattr1     1:2.4.48-6
ii  libc6        2.31-13+deb11u3
ii  libgmp10     2:6.2.1+dfsg-1+deb11u1
ii  libselinux1  3.1-3

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information
