[tomoyo-users-en 115] Bug in TOMOYO Linux 1.7.1

Back to archive index
Tetsuo Handa from-****@I-lov*****
Sun Dec 20 00:20:28 JST 2009


A severe memory leak problem was discovered in TOMOYO Linux 1.7.1 .

When I fixed a bug that a permission like

  allow_env PATH if exec.envp["PATH"]="/"

was not working due to buffer contention, I allocated two buffers but forgot to
release one buffer. As a result, if you are using environment variable name
restriction functionality, out-of-memory killer (OOM killer) will be triggered
and the system will hang.

If you cannot reboot your system, please do

  echo '0-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '1-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '2-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '3-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p

so that environment variable name restriction functionality is disabled.
(Above lines change only profile 0 to 3. Please apply to all profiles you are

If you can reboot your system, please add

  0-CONFIG::misc::env={ mode=disabled }
  1-CONFIG::misc::env={ mode=disabled }
  2-CONFIG::misc::env={ mode=disabled }
  3-CONFIG::misc::env={ mode=disabled }

to /etc/ccs/profile.conf and reboot.

If you built your kernel from source using ccs-patch-1.7.1-20091111.tar.gz ,
please apply the patch available at
(or download tar ball which supports 2.6.33-rc1 and includes two enhancements
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.7.x/ccs-patch.tar.gz?root=tomoyo&revision=3274&view=tar )
and recompile the kernel.

I'll start rebuild binary packages.


More information about the tomoyo-users-en mailing list
Back to archive index