Adding two new booleans to httpd to tighten its security.

Ulrich Drepper drepper at
Sun Dec 11 22:02:52 UTC 2005

Tom London wrote:
> path="/usr/lib/vmware/lib/"
> type=SYSCALL msg=audit(1134335151.660:39): arch=40000003 syscall=125 per=400000

This is indeed a text relocation issue.  Since the code is LGPLed they 
have to provide you with the sources.  Just compile and use 
eu-findtextrel to determine the sources of the text relocation.

> type=PATH msg=audit(1134331229.904:20): item=0 name="/usr/bin/skype"
> flags=101 inode=145190 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=CWD msg=audit(1134331229.904:20):  cwd="/home/tbl"
> type=SYSCALL msg=audit(1134331229.904:20): arch=40000003 syscall=11

That's a fault in the execve syscall.  This most likely means the binary 
has a section which is executable and writable at the same time.  This 
really should never happen, it's a security nightmare.  Would you want 
an application which by its nature has to accept connections from all 
over the net to have such a flaw?

Maybe you can post the output of

   eu-readelf -l /usr/bin/skype

➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
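
Added example, not part of the original message: a Python sketch of the check that the `eu-readelf -l` output is requested for, reading the ELF program headers and reporting any segment whose flags are both writable and executable. The function names and the in-memory sample ELF32 image are constructed for illustration; nothing here is taken from the skype binary.

```python
import struct

PF_X, PF_W = 0x1, 0x2
PT_NAMES = {1: "LOAD", 2: "DYNAMIC", 0x6474E551: "GNU_STACK"}

def wx_segments(data):
    """Return (index, type name, vaddr) for each program header mapped both W and X."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    hits = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:                             # Elf64_Phdr keeps p_flags right after p_type
            p_type, p_flags, _, p_vaddr = struct.unpack_from(end + "IIQQ", data, off)
        else:                                # Elf32_Phdr keeps p_flags at byte 24
            p_type, _, p_vaddr = struct.unpack_from(end + "III", data, off)
            p_flags, = struct.unpack_from(end + "I", data, off + 24)
        if p_flags & PF_W and p_flags & PF_X:
            hits.append((i, PT_NAMES.get(p_type, hex(p_type)), p_vaddr))
    return hits

def make_elf32(segments):
    """Constructed sample: minimal little-endian ELF32 header plus program headers."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x8048000, 52, 0, 0,
                               52, 32, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIIIIIII", t, 0, va, va, 0, 0x1000, fl, 0x1000)
                     for t, va, fl in segments)
    return ehdr + phdrs

# Constructed program header table: (p_type, p_vaddr, p_flags)
SAMPLE = make_elf32([(1, 0x08048000, 0x5),       # LOAD R E  (ordinary text)
                     (1, 0x08060000, 0x7),       # LOAD RWE  (writable and executable)
                     (0x6474E551, 0, 0x6)])      # GNU_STACK RW (non-executable stack)

if __name__ == "__main__":
    for idx, name, vaddr in wx_segments(SAMPLE):
        print(f"segment {idx} ({name}) at {vaddr:#x} is writable and executable")
```

To check a file on disk, pass its bytes: `wx_segments(open(path, "rb").read())`.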

More information about the fedora-selinux-list mailing list