Bug 473862

Summary: Windows application won't run due to several text relocation warnings
Product: [Fedora] Fedora Reporter: Andre Robatino <robatino>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 10CC: dwalsh, jkubin, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-01 19:32:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
unhandled page fault from attempting to run rad-mc.exe using wine on x86_64
none
sealert from attempting to run rad-mc.exe (this happens on both 32- and 64-bit)
none
sealert from running the rad-mc.exe installer after changing its file context none

Description Andre Robatino 2008-12-01 05:22:32 UTC 
Created attachment 325172 [details]
unhandled page fault from attempting to run rad-mc.exe using wine on x86_64

Description of problem:
The Windows application MyCash (see http://www.radsoftware.org/html/mycash.html) used to run adequately under F9 using wine.  Suddenly, in F10, there are text relocation warnings regarding several files, including the installer file rad-mc.exe.  Originally I assumed this was just Fedora progressively tightening up its security and uncovering an existing problem with the program.  However, after seeing several bugs filed against Fedora components regarding the same type of warning, I'm not sure anymore.  I tried updating to selinux-policy-3.5.13-26.fc10.noarch and selinux-policy-targeted-3.5.13-26.fc10.noarch but the problem seems to persist.

In addition, on my x86_64 F10 box, I can't even run rad-mc.exe - it crashes with an unhandled page fault.  I've attached this below along with the associated sealert.  In x86 F10, I just get the sealert, which can be bypassed by changing the file context, but when attempting to run it there are similar warnings for several installed files.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-18.fc10.noarch

How reproducible:
always

Steps to Reproduce:
1.  Try to install/run MyCash from the above page.
  
Actual results:
Lots of text relocation warnings, along with an unhandled page fault in x86_64.

Expected results:
Not sure - don't know how much is the fault of the program vs. selinux-policy.

Additional info:
This program is not malware - it's been around for years.  It won't try to reformat your hard drive, so it should be safe to attempt installing/using.  Of course, unless these warnings start showing up in Windows, the author is unlikely to fix them.
Comment 1 Andre Robatino 2008-12-01 05:24:16 UTC 
Created attachment 325173 [details]
sealert from attempting to run rad-mc.exe (this happens on both 32- and 64-bit)
Comment 2 Daniel Walsh 2008-12-01 18:17:49 UTC 
I have no idea why this would have worked on F9? unless you had the allow_execmod boolean turned on.

setsebool -P allow_execmod=1

I think if you use wine to execute this application it will get the priv to use execmod, but I did not know you could start an EXE directly.

If you 

chcon -t textrel_shlib_t '/home/andre/rad-mc.exe'

Does the application work?
Comment 3 Andre Robatino 2008-12-01 18:45:51 UTC 
I'm trying this now using x86_64 F10.  If I run

chcon -t textrel_shlib_t '/home/andre/rad-mc.exe'

then running "./rad-mc.exe" in my home directory works - the installer runs.  Below are messages from the terminal - this sort of minor crud is normal (meaning I saw it in F9 when the application worked).

[andre@localhost ~]$ ./rad-mc.exe 
fixme:advpack:set_ldids Need to support changing paths - default will be used
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\MyCash.exe" -> L"\\MyCash.exe"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\ReadMe.Txt" -> L"\\ReadMe.Txt"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\Catalog.exe" -> L"\\Catalog.exe"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.cl" -> L"\\001.cl"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.lpt" -> L"\\001.lpt"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.mc" -> L"\\001.mc"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.pl" -> L"\\001.pl"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\MyCash.Dex" -> L"\\MyCash.Dex"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\RADSite.url" -> L"\\RADSite.url"
err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\EULA.txt" -> L"\\EULA.txt"
[andre@localhost ~]$

I also get another sealert, which I've attached.  If I attempt to run the installed application, there will be several more sealerts associated with several more files.  Like I said, either selinux-policy suddenly improved its security substantially with F10, or it's an selinux bug, since these text relocation errors never appeared in F9, on two different 32-bit machines (I just bought the 64-bit box).
Comment 4 Andre Robatino 2008-12-01 18:47:00 UTC 
Created attachment 325281 [details]
sealert from running the rad-mc.exe installer after changing its file context
Comment 5 Andre Robatino 2008-12-01 18:50:02 UTC 
Also should have mentioned that to get Windows executables to run this way using Wine, all I have to do is to give them execute permission.  I haven't changed any other settings from the defaults.  It should work out of the box on any Fedora install after installing wine.
Comment 6 Andre Robatino 2008-12-01 19:11:32 UTC 
After running the installer the first time, if I do

chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/MSVBVM50.DLL'

and then run it again, I get two more sealerts (text relocation again), so I do

chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/ccrpDtp.ocx'
chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/tabctl32.ocx'

and after running the installer again, I get two more sealerts (text relocation again), so I do

chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/msflxgrd.ocx'
chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/Anigif.dll'

and if I run the installer again, it works without any sealerts.

Now, if I try to actually run the installed application (~/.wine/drive_c/MyCash.exe), it appears to run, but I get another sealert (text relocation), so I do

chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/MyCash.exe'

and it now appears to start more or less normally.  But I never saw a single text relocation warning in F9.
Comment 7 Daniel Walsh 2008-12-01 19:16:49 UTC 
allow_execmod was turned on by default in Fedora 9, and turned off by default in Fedora 10.

So turn the boolean on and you should be fine.

setsebool -P allow_execmod=1

Which will allow you to run apps as an unconfined user which requires execmod.
Comment 8 Andre Robatino 2008-12-01 19:32:51 UTC 
After running "setsebool -P allow_execmod=1" as root, everything works now, same as F9.  I'll close this as NOTABUG, and do some reading about the security implications of allowing this.  Thanks and sorry for the trouble.
Comment 9 Andre Robatino 2008-12-01 19:41:08 UTC 
One quick question - did this happen because this particular Windows application was written incorrectly, or would attempting to run any Windows program have generated the same errors?
Comment 10 Daniel Walsh 2008-12-01 19:48:49 UTC 
Running any window application will cause this problem, I believe.