Red Hat Bugzilla – Attachment 161777 Details for Bug 231762 – Original PO strings bugs
[patch] Patch for setroubleshoot-1.9.7-1.fc8
setroubleshoot-po.patch (text/plain), 22.39 KB, created by Kai Thomsen on 2007-08-18 00:13:34 UTC
>diff -Nur setroubleshoot-1.9.7/plugins/allow_execheap.py setroubleshoot-1.9.7.new/plugins/allow_execheap.py >--- setroubleshoot-1.9.7/plugins/allow_execheap.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/allow_execheap.py 2007-08-12 17:07:30.000000000 +0200 >@@ -28,7 +28,7 @@ > > problem_description = _(''' > The $SOURCE_PATH application attempted to change the access protection of memory on >- the heap (e,g., allocated using malloc). This is a potential security >+ the heap (e.g., allocated using malloc). This is a potential security > problem. Applications should not be doing this. Applications are > sometimes coded incorrectly and request this permission. The > <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a> >diff -Nur setroubleshoot-1.9.7/plugins/allow_execmem.py setroubleshoot-1.9.7.new/plugins/allow_execmem.py >--- setroubleshoot-1.9.7/plugins/allow_execmem.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/allow_execmem.py 2007-08-12 17:06:56.000000000 +0200 >@@ -26,7 +26,7 @@ > > problem_description = _(''' > The $SOURCE_PATH application attempted to change the access protection >- of memory (e,g., allocated using malloc). This is a potential >+ of memory (e.g., allocated using malloc). This is a potential > security problem. Applications should not be doing this. Applications > are sometimes coded incorrectly and request this permission. The > <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a> >diff -Nur setroubleshoot-1.9.7/plugins/allow_execstack.py setroubleshoot-1.9.7.new/plugins/allow_execstack.py >--- setroubleshoot-1.9.7/plugins/allow_execstack.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/allow_execstack.py 2007-08-12 17:32:45.000000000 +0200 
>@@ -25,9 +25,9 @@ > ''') > > problem_description = _(''' >- The $SOURCE_PATH application attempted to make the its stack >+ The $SOURCE_PATH application attempted to make its stack > executable. This is a potential security problem. This should >- never ever be necessary. stack memory is not executable on most >+ never ever be necessary. Stack memory is not executable on most > OSes these days and this will not change. Executable stack memory > is one of the biggest security problems. An execstack error might > in fact be most likely raised by malicious code. Applications are >@@ -44,8 +44,8 @@ > Sometimes a library is accidentally marked with the execstack flag, > if you find a library with this flag you can clear it with the > execstack -c LIBRARY_PATH. Then retry your application. If the >- app continues to not work, you can turn the flack back on with >- execstac -s LIBRARY_PATH. Otherwise, if you trust $SOURCE_PATH to >+ app continues to not work, you can turn the flag back on with >+ execstack -s LIBRARY_PATH. Otherwise, if you trust $SOURCE_PATH to > run correctly, you can change the context of the executable to > unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t > $SOURCE_PATH" >diff -Nur setroubleshoot-1.9.7/plugins/allow_httpd_anon_write.py setroubleshoot-1.9.7.new/plugins/allow_httpd_anon_write.py >--- setroubleshoot-1.9.7/plugins/allow_httpd_anon_write.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/allow_httpd_anon_write.py 2007-08-18 02:03:28.000000000 +0200 
>@@ -27,12 +27,12 @@ > > problem_description = _(''' > SELinux policy is preventing the http daemon from writing to a public >- directory. If http is not setup to write to public directories, this >+ directory. If httpd is not setup to write to public directories, this > could signal a intrusion attempt. > ''') > > fix_description = _(''' >- If http should be allowed to write to this directory you need to turn >+ If httpd should be allowed to write to this directory you need to turn > on the $BOOLEAN boolean and change the file context of > the public directory to public_content_rw_t. Read the httpd_selinux > man page for further information: >diff -Nur setroubleshoot-1.9.7/plugins/allow_httpd_sys_script_anon_write.py setroubleshoot-1.9.7.new/plugins/allow_httpd_sys_script_anon_write.py >--- setroubleshoot-1.9.7/plugins/allow_httpd_sys_script_anon_write.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/allow_httpd_sys_script_anon_write.py 2007-08-18 02:06:02.000000000 +0200 >@@ -21,13 +21,13 @@ > > class plugin(Plugin): > summary =_(''' >- SELinux policy is preventing an http script from writing to a public >+ SELinux policy is preventing an httpd script from writing to a public > directory. > ''') > > problem_description = _(''' >- SELinux policy is preventing an http script from writing to a public >- directory. If http is not setup to write to public directories, this >+ SELinux policy is preventing an httpd script from writing to a public >+ directory. If httpd is not setup to write to public directories, this > could signal a intrusion attempt. > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/automount_exec_config.py setroubleshoot-1.9.7.new/plugins/automount_exec_config.py >--- setroubleshoot-1.9.7/plugins/automount_exec_config.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/automount_exec_config.py 2007-08-12 17:35:23.000000000 +0200 
>@@ -29,13 +29,13 @@ > problem_description = _(''' > SELinux has denied the $SOURCE_PATH from executing potentially > mislabeled files $TARGET_PATH. Automounter can be setup to execute >- configuration files, if $TARGET_PATH is an automoutn executable >+ configuration files, if $TARGET_PATH is an automount executable > configuration file it needs to have a file label of bin_t. > If automounter is trying to execute something that it is not supposed to, this could indicate an intrusion attack. > ''') > > fix_description = _(''' >- If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute chcon -t bin_t.$TARGET_PATH. If you want this to survive a relabel, you need to permanantly change the file context, Execute semanage fcontext -a -t bin_t $TARGET_PATH. >+ If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute "chcon -t bin_t $TARGET_PATH". If you want this to survive a relabel, you need to permanently change the file context: execute "semanage fcontext -a -t bin_t $TARGET_PATH". > You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t bin_t $TARGET_PATH" > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/filesystem_associate.py setroubleshoot-1.9.7.new/plugins/filesystem_associate.py >--- setroubleshoot-1.9.7/plugins/filesystem_associate.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/filesystem_associate.py 2007-08-12 17:38:34.000000000 +0200 
>@@ -27,15 +27,15 @@ > > problem_description = _(''' > SELinux is preventing $SOURCE_PATH from creating a file with a context of $SOURCE_TYPE on a filesystem. >- Usually this happens when you ask the cp commnad to maintain the context of a file when >- copying between file systems. "cp -a" for example. Not all file context should be maintained >- between the file systems. For example a readonly file type like iso9660_t should not be placed >- on a r/w system. cp -P might be a better solution, as this will adopt the default file context >+ Usually this happens when you ask the cp command to maintain the context of a file when >+ copying between file systems, "cp -a" for example. Not all file contexts should be maintained >+ between the file systems. For example, a read-only file type like iso9660_t should not be placed >+ on a r/w system. "cp -P" might be a better solution, as this will adopt the default file context > for the destination. > ''') > > fix_description = _(''' >- Use a command like cp -P to preserve all permissions except SELinux context. >+ Use a command like "cp -P" to preserve all permissions except SELinux context. > ''') > > def __init__(self): >diff -Nur setroubleshoot-1.9.7/plugins/httpd_bad_labels.py setroubleshoot-1.9.7.new/plugins/httpd_bad_labels.py >--- setroubleshoot-1.9.7/plugins/httpd_bad_labels.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_bad_labels.py 2007-08-12 17:40:27.000000000 +0200 
>@@ -29,9 +29,9 @@ > problem_description = _(''' > SELinux has denied the $SOURCE_PATH access to potentially > mislabeled files $TARGET_PATH. This means that SELinux will not >- allow http to use these files. Many third party apps install html files >- in directories that SELinux policy can not predict. These directories >- have to be labeled with a file context which httpd can accesss. >+ allow httpd to use these files. Many third party apps install html files >+ in directories that SELinux policy cannot predict. These directories >+ have to be labeled with a file context which httpd can access. > ''') > > fix_description = _(''' >diff -Nur setroubleshoot-1.9.7/plugins/httpd_builtin_scripting.py setroubleshoot-1.9.7.new/plugins/httpd_builtin_scripting.py >--- setroubleshoot-1.9.7/plugins/httpd_builtin_scripting.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_builtin_scripting.py 2007-08-18 02:00:50.000000000 +0200 >@@ -26,8 +26,8 @@ > > problem_description = _(''' > SELinux has denied the http daemon from using built-in scripting. >- This means that SELinux will not allow http to use loadable >- modules to run scripts internally. If you did not setup http to >+ This means that SELinux will not allow httpd to use loadable >+ modules to run scripts internally. If you did not setup httpd to > use built-in scripting, this may signal a intrusion attempt. > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/httpd_can_network_connect_db.py setroubleshoot-1.9.7.new/plugins/httpd_can_network_connect_db.py >--- setroubleshoot-1.9.7/plugins/httpd_can_network_connect_db.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_can_network_connect_db.py 2007-08-18 02:04:55.000000000 +0200 
>@@ -26,7 +26,7 @@ > > problem_description = _(''' > SELinux has denied the http daemon from connecting to a database. An >- http script is trying to connect to a database port. If you did not >+ httpd script is trying to connect to a database port. If you did not > setup httpd to allow database connections, this could signal a > intrusion attempt. > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_can_network_connect.py setroubleshoot-1.9.7.new/plugins/httpd_can_network_connect.py >--- setroubleshoot-1.9.7/plugins/httpd_can_network_connect.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_can_network_connect.py 2007-08-18 02:04:36.000000000 +0200 >@@ -28,7 +28,7 @@ > > problem_description = _(''' > SELinux has denied the http daemon from connecting to $PORT_NUMBER. An >- http script is trying to do a network connect to a remote port. If you >+ httpd script is trying to do a network connect to a remote port. If you > did not setup httpd to network connections, this could signal a > intrusion attempt. > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_can_network_relay.py setroubleshoot-1.9.7.new/plugins/httpd_can_network_relay.py >--- setroubleshoot-1.9.7/plugins/httpd_can_network_relay.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_can_network_relay.py 2007-08-18 02:02:29.000000000 +0200 
>@@ -28,7 +28,7 @@ > > problem_description = _(''' > SELinux has denied the http daemon from connecting to itself or >- the relay ports. An http script is trying to do a network connect >+ the relay ports. An httpd script is trying to do a network connect > to an http/ftp port. If you did not setup httpd to network > connections, this could signal a intrusion attempt. > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_enable_cgi.py setroubleshoot-1.9.7.new/plugins/httpd_enable_cgi.py >--- setroubleshoot-1.9.7/plugins/httpd_enable_cgi.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_enable_cgi.py 2007-08-12 17:15:23.000000000 +0200 >@@ -22,18 +22,18 @@ > > class plugin(Plugin): > summary =_(''' >- SELinux is preventing the http daemon from executing cgi scripts >+ SELinux is preventing the http daemon from executing cgi scripts. > ''') > > problem_description = _(''' > SELinux has denied the http daemon from executing a cgi > script. httpd can be setup in a locked down mode where cgi scripts >- are not allowed to executed. If the httpd server has been setup >+ are not allowed to be executed. If the httpd server has been setup > to not execute cgi scripts, this could signal a intrusion attempt. > ''') > > fix_description = _(''' >- If you want httpd to to be able to run cgi scripts, you need to >+ If you want httpd to be able to run cgi scripts, you need to > turn on the $BOOLEAN boolean: "setsebool -P > $BOOLEAN=1" > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_enable_ftp_server.py setroubleshoot-1.9.7.new/plugins/httpd_enable_ftp_server.py >--- setroubleshoot-1.9.7/plugins/httpd_enable_ftp_server.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_enable_ftp_server.py 2007-08-18 02:03:49.000000000 +0200 
>@@ -27,7 +27,7 @@ > problem_description = _(''' > SELinux has denied the http daemon from listening for incoming > connections on the ftp port. This means that SELinux will not >- allow http to run as a ftp server. If you did not setup http to >+ allow httpd to run as a ftp server. If you did not setup httpd to > run as a ftp server, this may signal a intrusion attempt. > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/httpd_enable_homedirs.py setroubleshoot-1.9.7.new/plugins/httpd_enable_homedirs.py >--- setroubleshoot-1.9.7/plugins/httpd_enable_homedirs.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_enable_homedirs.py 2007-08-12 17:17:49.000000000 +0200 >@@ -21,11 +21,11 @@ > > class plugin(Plugin): > summary =_(''' >- SELinux is preventing the http daemon from reading users home directories. >+ SELinux is preventing the http daemon from reading users' home directories. > ''') > > problem_description = _(''' >- SELinux has denied the http daemon access to users home >+ SELinux has denied the http daemon access to users' home > directories. Someone is attempting to access your home directories > via your http daemon. If you have not setup httpd to share home > directories, this probably signals a intrusion attempt. >diff -Nur setroubleshoot-1.9.7/plugins/httpd_ssi_exec.py setroubleshoot-1.9.7.new/plugins/httpd_ssi_exec.py >--- setroubleshoot-1.9.7/plugins/httpd_ssi_exec.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_ssi_exec.py 2007-08-18 02:01:08.000000000 +0200 
>@@ -25,7 +25,7 @@ > > problem_description = _(''' > SELinux has denied the http daemon from executing a shell >- script. Ordinarily, http requires that all scripts (CGIs) be >+ script. Ordinarily, httpd requires that all scripts (CGIs) be > labeled httpd_sys_script_exec_t. If httpd should not be running > this shell script, this could signal a intrusion attempt. > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_tty_comm.py setroubleshoot-1.9.7.new/plugins/httpd_tty_comm.py >--- setroubleshoot-1.9.7/plugins/httpd_tty_comm.py 2007-06-11 15:59:39.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_tty_comm.py 2007-08-12 17:19:57.000000000 +0200 >@@ -25,16 +25,16 @@ > ''') > > problem_description = _(''' >- SELinux is not alowing the http daemon to communicate with the >+ SELinux is not allowing the http daemon to communicate with the > terminal. Most daemons do not need to communicate >- with the terminal. http can be setup to require information >+ with the terminal. httpd can be setup to require information > during the boot process which would require this access. If you >- did not setup http to requires access to the terminal, this may >+ did not setup httpd to requires access to the terminal, this may > signal a intrusion attempt. > ''') > > fix_description = _(''' >- If you want the http daemon to be able to access the terminal you >+ If you want the http daemon to be able to access the terminal, you > must set the $BOOLEAN boolean: "setsebool -P > $BOOLEAN=1" > ''') >diff -Nur setroubleshoot-1.9.7/plugins/httpd_unified.py setroubleshoot-1.9.7.new/plugins/httpd_unified.py >--- setroubleshoot-1.9.7/plugins/httpd_unified.py 2007-06-11 15:59:40.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/httpd_unified.py 2007-08-12 17:21:25.000000000 +0200 
>@@ -32,15 +32,15 @@ > > Ordinarily httpd is allowed full access to all files labeled with http file > context. This machine has a tightened security policy with the $BOOLEAN >- turned off, This requires explicit labeling of all files. If a file is >+ turned off, this requires explicit labeling of all files. If a file is > a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order >- to be executed. If it is read only content, it needs to be labeled >+ to be executed. If it is read-only content, it needs to be labeled > httpd_TYPE_content_t, it is writable content. it needs to be labeled > httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the >- chcon command to change these context. Please refer to the man page >+ chcon command to change these contexts. Please refer to the man page > "man httpd_selinux" or > <a href="http://fedora.redhat.com/docs/selinux-apache-fc3">FAQ</a> >- "TYPE" refers toi one of "sys", "user" or "staff" or potentially other >+ "TYPE" refers to one of "sys", "user" or "staff" or potentially other > script types. > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/prelink_mislabled.py setroubleshoot-1.9.7.new/plugins/prelink_mislabled.py >--- setroubleshoot-1.9.7/plugins/prelink_mislabled.py 2007-06-11 15:59:40.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/prelink_mislabled.py 2007-08-12 17:27:18.000000000 +0200 
>@@ -27,8 +27,8 @@ > problem_description = _(''' > SELinux denied prelink $ACCESS on $TARGET_PATH. > The prelink program is only allowed to manipulate files that are identified as >- executables or shared librares by SELinux. Libraries that get placed in >- lib directories get labeled by default as a shared library. Similarly >+ executables or shared libraries by SELinux. Libraries that get placed in >+ lib directories get labeled by default as a shared library. Similarly, > executables that get placed in a bin or sbin directory get labeled as executables by SELinux. However, if these files get installed in other directories > they might not get the correct label. If prelink is trying > to manipulate a file that is not a binary or share library this may indicate an 
>@@ -37,11 +37,11 @@ > ''') > > fix_description = _(''' >- You can alter the file context by executing chcon -t bin_t $TARGET_PATH or >- chcon -t lib_t $TARGET_PATH if it is a shared library. If you want to make these changes permanant you must execute the semanage command. >- semanage fcontext -a -t bin_t $TARGET_PATH or >- semanage fcontext -a -t shlib_t $TARGET_PATH. >- If you feel this executable/shared library is in the wrong location please file a bug against the package that includes the file, if you feel that SELinux should know about this file and label it correctly please file a bug against <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">SELinux policy</a>. >+ You can alter the file context by executing "chcon -t bin_t $TARGET_PATH" or >+ "chcon -t lib_t $TARGET_PATH" if it is a shared library. If you want to make these changes permanent you must execute the semanage command. >+ "semanage fcontext -a -t bin_t $TARGET_PATH" or >+ "semanage fcontext -a -t shlib_t $TARGET_PATH". >+ If you feel this executable/shared library is in the wrong location please file a bug against the package that includes the file. If you feel that SELinux should know about this file and label it correctly please file a bug against <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">SELinux policy</a>. > > ''') > >diff -Nur setroubleshoot-1.9.7/plugins/samba_enable_home_dirs.py setroubleshoot-1.9.7.new/plugins/samba_enable_home_dirs.py >--- setroubleshoot-1.9.7/plugins/samba_enable_home_dirs.py 2007-06-11 15:59:40.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/samba_enable_home_dirs.py 2007-08-12 17:18:22.000000000 +0200 
>@@ -21,13 +21,13 @@ > > class plugin(Plugin): > summary =_(''' >- SELinux is preventing the samba daemon from reading users home directories. >+ SELinux is preventing the samba daemon from reading users' home directories. > ''') > > problem_description = _(''' >- SELinux has denied the samba daemon access to users home >+ SELinux has denied the samba daemon access to users' home > directories. Someone is attempting to access your home directories >- via your samba daemon. If you only setup samba to share non home >+ via your samba daemon. If you only setup samba to share non-home > directories, this probably signals a intrusion attempt. > For more information on SELinux integration with samba, look at the > samba_selinux man page. (man samba_selinux) >diff -Nur setroubleshoot-1.9.7/plugins/spamd_enable_home_dirs.py setroubleshoot-1.9.7.new/plugins/spamd_enable_home_dirs.py >--- setroubleshoot-1.9.7/plugins/spamd_enable_home_dirs.py 2007-06-11 15:59:40.000000000 +0200 >+++ setroubleshoot-1.9.7.new/plugins/spamd_enable_home_dirs.py 2007-08-12 17:18:57.000000000 +0200 >@@ -22,13 +22,13 @@ > > class plugin(Plugin): > summary =_(''' >- SELinux is preventing the spamd daemon from reading users home directories. >+ SELinux is preventing the spamd daemon from reading users' home directories. > ''') > > problem_description = _(''' >- SELinux has denied the spamd daemon access to users home >+ SELinux has denied the spamd daemon access to users' home > directories. Someone is attempting to access your home directories >- via your spamd daemon. If you only setup spamd to share non home >+ via your spamd daemon. If you only setup spamd to share non-home > directories, this probably signals a intrusion attempt. > ''') >
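
Review bot: in plugins/allow_httpd_anon_write.py (hunk @@ -27,12), the problem_description still ends with "could signal a intrusion attempt" on the context line right after the changed one; it should read "an intrusion attempt", and "is not setup to write" should be "is not set up to write". The same "a intrusion attempt" wording is left untouched in the other httpd_*, samba_enable_home_dirs.py and spamd_enable_home_dirs.py strings this patch edits. These are gettext strings wrapped in _(), so every edit already produces a new msgid for translators; fixing the article in the same pass avoids a second round of retranslation.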
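
Review bot: in plugins/automount_exec_config.py (hunk @@ -29,13), the rewritten fix_description line now ends with 'execute "semanage fcontext -a -t bin_t $TARGET_PATH"' and the unchanged line directly below repeats the identical command after "You must also change the default file context files". Drop one of the two sentences so the user sees the persistent fix once. The quoted commands also embed $TARGET_PATH bare; a path containing spaces will not paste as a single argument, so consider wrapping the substituted path in single quotes inside the suggested command.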
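
Review bot: in plugins/filesystem_associate.py (hunk @@ -27,15), both the problem_description and the fix_description keep recommending "cp -P", but in GNU cp the uppercase -P means --no-dereference (do not follow symbolic links) and has nothing to do with permissions or labels. The option that matches "preserve all permissions except SELinux context" is lowercase -p, which keeps mode, ownership and timestamps and lets the copy take the destination's default context. Since both lines are being re-quoted here anyway, change them to "cp -p".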
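
Review bot: in plugins/httpd_can_network_connect.py (hunk @@ -28,7), the context line after the change still reads "did not setup httpd to network connections", which is missing its verb; httpd_can_network_connect_db.py has the intended form, "setup httpd to allow database connections". Suggest "did not set up httpd to allow network connections" here and in the identical sentence in the httpd_can_network_relay.py hunk.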
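
Review bot: in plugins/httpd_tty_comm.py (hunk @@ -25,16), the added line "did not setup httpd to requires access to the terminal" carries over the agreement error from the line it replaces. It should read "did not set up httpd to require access to the terminal". The earlier context line "httpd can be setup to require information" has the same "setup" used as a verb.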
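
Review bot: in plugins/httpd_unified.py (hunk @@ -32,15), lowercasing "This" after "turned off," turns the line into a comma splice; the better fix is to end the sentence: "with the $BOOLEAN turned off. This requires explicit labeling of all files." The unchanged line "httpd_TYPE_content_t, it is writable content. it needs to be labeled" is also broken and is the one users need to pick the right type; it should read "httpd_TYPE_content_t. If it is writable content, it needs to be labeled". The hunk also leaves no sentence break between the FAQ link and '"TYPE" refers to'.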
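
Review bot: in plugins/prelink_mislabled.py (hunk @@ -37,11), the quoted commands disagree on the type for a shared library: the temporary fix is "chcon -t lib_t $TARGET_PATH" while the permanent one is "semanage fcontext -a -t shlib_t $TARGET_PATH". A user who follows both ends up with a running label that differs from the one a relabel will apply. Pick the type the policy expects for shared libraries and use it in both commands. The first prelink hunk also leaves "a binary or share library" uncorrected in its last context line.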