Selinux attacks acroread again
Paul Howarth
paul at city-fan.org
Thu Apr 13 12:12:55 UTC 2006
Paul Smith wrote:
> On 4/13/06, Paul Howarth <paul at city-fan.org> wrote:
>> Try:
>>
>> # grep -F 'avc: denied' /var/log/audit/audit.log /var/log/messages
>
> /var/log/messages:Apr 13 13:00:39 localhost kernel:
> audit(1144929639.666:42): avc: denied { execmod } for pid=6312
> comm="acroread" name="libCoolType.so.5.01" dev=dm-0 ino=8258016
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> /var/log/messages:Apr 13 13:00:54 localhost kernel:
> audit(1144929654.489:43): avc: denied { execmod } for pid=6385
> comm="acroread" name="libcrypto.so.0.9.6" dev=dm-0 ino=8258037
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
OK, so where are the files libCoolType.so.5.01 and libcrypto.so.0.9.6 on
your system?
/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib ?
Does this help:
# chcon -t textrel_shlib_t \
/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/*.so*
Paul.
More information about the fedora-list
mailing list