A security issue in the setroubleshoot.pp Python script in selinux-policy was disclosed and discussed in this thread: http://openwall.com/lists/oss-security/2015/03/26/1
Whiteboard: (none) => MGA5TOO, MGA4TOO
Status: NEW => ASSIGNED
I will wait until Fedora has a fix. We don't provide a kernel built with selinux enabled, so this is not a priority.
Hardware: i586 => All
RedHat has issued an advisory for this on March 26: https://rhn.redhat.com/errata/RHSA-2015-0729.html
Severity: normal => critical
URL: (none) => http://lwn.net/Vulnerabilities/638217/
(In reply to David Walser from comment #2)
> RedHat has issued an advisory for this on March 26:
> https://rhn.redhat.com/errata/RHSA-2015-0729.html

After reading this, and then going back and re-reading the link in the description, I don't see this as a problem in Mageia. We do not have this package "setroubleshoot" (which may be a very nice one, if we would use selinux). Please let me know if I am reading this wrong.
I'm not 100% sure. We don't have a *package* by that name, but the oss-security post said the issue was in a Python script. So, we do have:

selinux-policy-targeted:/etc/selinux/targeted/modules/active/modules/setroubleshoot.pp
selinux-policy-devel:/usr/share/selinux/devel/include/contrib/setroubleshoot.if
selinux-policy-minimum:/etc/selinux/minimum/modules/active/modules/setroubleshoot.pp
selinux-policy-mls:/etc/selinux/mls/modules/active/modules/setroubleshoot.pp

I haven't looked at the file directly, but I was under the impression that setroubleshoot.pp is the affected Python script.
setroubleshoot.pp is not a Python script, but .pp is for policy package: see https://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-policy-customizing.html

Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.
Hmm, so I guess setroubleshoot.pp is what tells it to call that script. This is INVALID then.
Status: ASSIGNED => RESOLVED
Resolution: (none) => INVALID