Bug 253520
| Summary: | SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from changing the access protection of memory on the heap. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | The Hermit <eloign> |
| Component: | firefox-32 | Assignee: | Warren Togami <wtogami> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | CC: | dwalsh, mcepl |
| Target Milestone: | --- | Keywords: | SELinux |
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-04-10 09:46:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Reporter, have you reproduced this bug with the current update of your system? Since there are insufficient details provided in this report for us to investigate the issue further, and we have not received feedback to the information we have requested above, we will assume the problem was not reproducible, or has been fixed in one of the updates we have released for the reporter's distribution. Users who have experienced this problem are encouraged to upgrade to the latest update of their distribution, and if this issue turns out to still be reproducible in the latest update, please reopen this bug with additional information. Closing as INSUFFICIENT_DATA. |
Description of problem: The /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to change the access protection of memory on the heap (e,g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If /usr/lib/firefox-2.0.0.5/firefox-bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Source Context: root:system_r:unconfined_t:SystemLow-SystemHighTarget Context: root:system_r:unconfined_t:SystemLow-SystemHighTarget Objects: None [ process ]Affected RPM Packages: firefox-2.0.0.5-1.fc7 [application]Policy RPM: selinux-policy-2.6.4-33.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.allow_execheapHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.22.1-41.fc7 #1 SMP Fri Jul 27 18:10:34 EDT 2007 i686 i686Alert Count: 1First Seen: Mon 20 Aug 2007 07:19:35 AM CDTLast Seen: Mon 20 Aug 2007 07:19:35 AM CDTLocal ID: f70189fa-9d90-4022-8417-9e6e4f2cceafLine Numbers: Raw Audit Messages :avc: denied { execheap } for comm="firefox-bin" egid=0 euid=0 exe="/usr/lib/firefox-2.0.0.5/firefox-bin" exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=10835 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=process tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tty=(none) uid=0