rpm -V/prelink/exec{mem,stack,heap,mod}

Tom London selinux at gmail.com
Wed Nov 22 15:21:06 UTC 2006


Running rawhide, targeted/enforcing.

After some problems completing daily updates, I decided to do a brute
force winnowing of the installed packages on my system via:

for i in `rpm -qa`
do
     rpm -V $i
done

This generated lots of chaff, but I did get a few complaints and AVCs
from prelink. Here are a few examples:

type=AVC msg=audit(1164207673.111:60): avc:  denied  { execmod } for
pid=14045 comm="ld-linux.so.2"
name="libSDL-1.2.so.0.7.3.#prelink#.KpNF6b" dev=dm-0 ino=5474274
scontext=user_u:system_r:rpm_t:s0 tcontext=user_u:object_r:lib_t:s0
tclass=file
type=SYSCALL msg=audit(1164207673.111:60): arch=40000003 syscall=125
success=no exit=-13 a0=aa4000 a1=7c000 a2=5 a3=bfe79f30 items=0
ppid=14035 pid=14045 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ld-linux.so.2" exe="/lib/ld-2.5.90.so"
subj=user_u:system_r:rpm_t:s0 key=(null)
type=AVC_PATH msg=audit(1164207673.111:60):
path="/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.KpNF6b"

type=AVC msg=audit(1164207351.971:48): avc:  denied  { execstack } for
 pid=5126 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0
tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164207351.971:48): arch=40000003 syscall=125
success=no exit=-13 a0=bfa65000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=5125 pid=5126 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ld-linux.so.2" exe="/lib/ld-2.5.90.so"
subj=user_u:system_r:rpm_t:s0 key=(null)

type=AVC msg=audit(1164207446.818:49): avc:  denied  { execmem } for
pid=6730 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0
tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164207446.818:49): arch=40000003 syscall=192
success=no exit=-13 a0=8048000 a1=91b000 a2=7 a3=812 items=0 ppid=6729
pid=6730 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 comm="ld-linux.so.2" exe="/lib/ld-2.5.90.so"
subj=user_u:system_r:rpm_t:s0 key=(null)

type=AVC msg=audit(1164208640.223:66): avc:  denied  { execheap } for
pid=30931 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0
tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164208640.223:66): arch=40000003 syscall=125
success=yes exit=0 a0=4f40d000 a1=6a000 a2=5 a3=bfc234f0 items=0
ppid=30907 pid=30931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts1 comm="ld-linux.so.2" exe="/lib/ld-2.5.90.so"
subj=user_u:system_r:rpm_t:s0 key=(null)

I'm guessing this is probably an (obscure?) edge case, but is there a
missing transition from rpm_t to something like prelink_t?

Here is a particular case (this one generated the last AVC (execheap) above):

[root@localhost ~]# rpm -V compiz
prelink: /usr/bin/compiz.#prelink#.bdtGdC Could not trace symbol resolving
S.?.....   /usr/bin/compiz
[root@localhost ~]# setenforce 0
[root@localhost ~]# rpm -V compiz
[root@localhost ~]#

tom
-- 
Tom London
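
Added example (not part of the original post, and not code from any SELinux or audit tool): a small Python parser that pairs each AVC denial quoted above with its SYSCALL record by audit event ID and decodes the memory-protection argument (a2). It assumes i386 records (arch=40000003), where syscall 125 is mprotect and 192 is mmap2; summarize and decode_prot are hypothetical helper names.

```python
import re
from collections import defaultdict

# i386 syscall numbers (arch=40000003) that appear in the post.
I386_SYSCALLS = {125: "mprotect", 192: "mmap2"}
PROT_BITS = [(0x1, "PROT_READ"), (0x2, "PROT_WRITE"), (0x4, "PROT_EXEC"),
             (0x01000000, "PROT_GROWSDOWN"), (0x02000000, "PROT_GROWSUP")]

# Records from the post, unwrapped to one per line and trimmed to the fields used.
SAMPLE = """\
type=AVC msg=audit(1164207673.111:60): avc:  denied  { execmod } for pid=14045 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1164207673.111:60): arch=40000003 syscall=125 success=no exit=-13 a0=aa4000 a1=7c000 a2=5 a3=bfe79f30
type=AVC msg=audit(1164207351.971:48): avc:  denied  { execstack } for pid=5126 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0 tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164207351.971:48): arch=40000003 syscall=125 success=no exit=-13 a0=bfa65000 a1=1000 a2=1000007 a3=fffff000
type=AVC msg=audit(1164207446.818:49): avc:  denied  { execmem } for pid=6730 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0 tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164207446.818:49): arch=40000003 syscall=192 success=no exit=-13 a0=8048000 a1=91b000 a2=7 a3=812
type=AVC msg=audit(1164208640.223:66): avc:  denied  { execheap } for pid=30931 comm="ld-linux.so.2" scontext=user_u:system_r:rpm_t:s0 tcontext=user_u:system_r:rpm_t:s0 tclass=process
type=SYSCALL msg=audit(1164208640.223:66): arch=40000003 syscall=125 success=yes exit=0 a0=4f40d000 a1=6a000 a2=5 a3=bfc234f0
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
DENIED = re.compile(r"denied\s+\{ ([^}]+) \}")

def decode_prot(value):
    """Turn the prot argument of mprotect/mmap2 into flag names."""
    names = [name for bit, name in PROT_BITS if value & bit]
    return "|".join(names) or "PROT_NONE"

def summarize(text):
    """Group records by audit event ID and merge the AVC and SYSCALL details."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events[m.group(1)]
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if line.startswith("type=AVC "):
            ev["perms"] = DENIED.search(line).group(1).split()
            ev["scontext"], ev["tclass"] = fields["scontext"], fields["tclass"]
        elif line.startswith("type=SYSCALL "):
            ev["syscall"] = I386_SYSCALLS.get(int(fields["syscall"]), fields["syscall"])
            ev["prot"] = decode_prot(int(fields["a2"], 16))  # audit prints a0-a3 in hex
            ev["success"] = fields["success"]
    return dict(events)

if __name__ == "__main__":
    for event_id, ev in summarize(SAMPLE).items():
        print(event_id, ev["perms"], ev["syscall"], ev["prot"], "success=" + ev["success"])
```
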



