selinux now causing trouble with seamonkey
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 13 13:04:46 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Cornette wrote:
> Antonio Olivares wrote:
>>
>> I do not want to have a compromised system, but I am
>> getting tired of the exec stack stuff appearing just
>> about everytime I start firefox and now seamonkey as
>> well. Should I also file a bug against seamonkey for
>> using the stack?
>>
>> Regards,
>>
>> Antonio
>
> Like I mentioned before, the only site that I experienced the error on
> is news.aol.com - I did not add anything to any rules for SELinux so I
> would expect your system has a badly acting plug-in as was suggested by
> others. Yahoo did not seem to cause problems for me, but I do not use
> yahoo or have an account for the service.
>
> The difference for me is seamonkey used to crash. It now keeps on
> logging denials. Firefox does crash on the same site as seamonkey used
> to crash on.
>
> If you temporarily change your homepage to another location and bring up
> firefox or seamonkey does it crash or load successfully?
>
> Maybe it is a bug with the browsers. I do not know, but it is not severe
> on my system.
>
> The news.aol.com site generated the below raw messages for firefox.
>
> Raw Audit Messages :host=HP-JCF7 type=AVC
> msg=audit(1202781770.462:1241): avc: denied { execmem } for pid=16598
> comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> host=HP-JCF7 type=SYSCALL msg=audit(1202781770.462:1241): arch=40000003
> syscall=125 success=no exit=-13 a0=b2f51000 a1=1000 a2=5 a3=bfc5f21c
> items=0 ppid=16584 pid=16598 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox"
> exe="/usr/lib/firefox-3.0b4pre/firefox"
> subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
>
> For seamonkey news.aol.com repeatedly produces the below.
>
> Line Numbers: Raw Audit Messages :host=HP-JCF7 type=AVC
> msg=audit(1202860251.355:818): avc: denied { execmem } for pid=23617
> comm="seamonkey-bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> host=HP-JCF7 type=SYSCALL msg=audit(1202860251.355:818): arch=40000003
> syscall=125 success=no exit=-13 a0=ae321000 a1=1000 a2=5 a3=bf85db5c
> items=0 ppid=1 pid=23617 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="seamonkey-bin"
> exe="/usr/lib/seamonkey-1.1.8/seamonkey-bin"
> subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
>
> Jim
>
Well going to this page with nsplugin installed causes nsplugin_t to
generate an execmem.
- ----
time->Wed Feb 13 08:00:55 2008
type=SYSCALL msg=audit(1202907655.715:1515): arch=40000003 syscall=125
per=8 success=no exit=-13 a0=f2129000 a1=1000 a2=5 a3=ffbff4bc items=0
ppid=4897 pid=4917 auid=3267 uid=3267 gid=3267 euid=3267 suid=3267
fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) comm="npviewer.bin"
exe="/usr/lib/nspluginwrapper/npviewer.bin"
subj=staff_u:staff_r:nsplugin_t:s0 key=(null)
type=AVC msg=audit(1202907655.715:1515): avc: denied { execmem } for
pid=4917 comm="npviewer.bin" scontext=staff_u:staff_r:nsplugin_t:s0
tcontext=staff_u:staff_r:nsplugin_t:s0 tclass=process
nsplugin seems to survive though. So this is definitely a plugin
causing the problem. I would bet it is flashplugin.
Hard to tell if anything is different on this page.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkey6u4ACgkQrlYvE4MpobNGhgCeOiv1w1OFfqmjTGwa3UA1Ib5c
k3sAnRTLSrj7A8pXWhYYG/361pgrFnhA
=uBLb
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list