Bug 525354

Summary: setroubleshoot: SELinux is preventing /usr/lib/thunderbird-3.0b4/thunderbird-bin "execmem" access on <Unknown>.
Product: [Fedora] Fedora
Component: thunderbird
Version: rawhide
Hardware: i386
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Reporter: Hongwen Qiu <tsukinokage>
Assignee: Jan Horak <jhorak>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: caillon, dwalsh, gecko-bugs-nobody, jbrier, johnp, mgrepl, orion, stransky, walters
Keywords: SELinux
Whiteboard: setroubleshoot_trace_hash:8e6f56a998812b25173bcd51f6c583066ebbeec4695cadf2041daaa6b889b635
Doc Type: Bug Fix
Last Closed: 2009-10-15 09:57:18 EDT
Bug Blocks: 473303

Description Hongwen Qiu 2009-09-23 22:52:40 EDT
The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing /usr/lib/thunderbird-3.0b4/thunderbird-bin "execmem"
access on <Unknown>.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by thunderbird-bin. The current boolean settings
do not allow this access. If you have not setup thunderbird-bin to require this
access this may signal an intrusion attempt. If you do intend this access you
need to change the booleans on this system to allow the access.

Allowing Access:

One of the following booleans is set incorrectly: allow_execstack, allow_execmem

Fix Command:

Choose one of the following to allow access:
Allow unconfined executables to make their stack executable. This should never,
ever be necessary. Probably indicates a badly coded executable, but could
indicate an attack. This executable should be reported in bugzilla")
# setsebool -P allow_execstack 1
Allow unconfined executables to map a memory region as both executable and
writable, this is dangerous and the executable should be reported in bugzilla")
# setsebool -P allow_execmem 1


Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                None [ process ]
Source                        thunderbird-bin
Source Path                   /usr/lib/thunderbird-3.0b4/thunderbird-bin
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           thunderbird-3.0-3.9.b4.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-8.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall_boolean
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31-33.fc12.i686.PAE #1 SMP
                              Thu Sep 17 15:40:35 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Thursday, 24 September 2009, 10:50:48
Last Seen                     Thursday, 24 September 2009, 10:50:48
Local ID                      e6564c4a-3003-4f89-b1bb-ded73bed28d8
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1253760648.514:41): avc:  denied  { execmem } for  pid=6559 comm="thunderbird-bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process

node=(removed) type=SYSCALL msg=audit(1253760648.514:41): arch=40000003 syscall=192 success=yes exit=1806336 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=6555 pid=6559 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="thunderbird-bin" exe="/usr/lib/thunderbird-3.0b4/thunderbird-bin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= unconfined_t ==============
allow unconfined_t self:process execmem;
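The raw audit messages above, decoded, as an added example that is not part of the original report or of setroubleshoot: it pairs the AVC with the SYSCALL record of the same event and shows that syscall 192 on arch 40000003 is an `mmap2` asking for a private, anonymous mapping that is both writable and executable, which is the request the `execmem` permission covers. The function names, lookup tables and trimmed records are constructed for illustration.

```python
import re

# Constructed sample: the AVC and SYSCALL records from the report above, with the
# node= prefix dropped and fields the decoder does not read trimmed.
AVC = ('type=AVC msg=audit(1253760648.514:41): avc:  denied  { execmem } for  '
       'pid=6559 comm="thunderbird-bin" tclass=process')
SYSCALL = ('type=SYSCALL msg=audit(1253760648.514:41): arch=40000003 syscall=192 '
           'success=yes exit=1806336 a0=0 a1=1000 a2=7 a3=22 pid=6559 '
           'comm="thunderbird-bin"')

# Linux x86 constants from <sys/mman.h>.
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED", 0x20: "MAP_ANONYMOUS"}
# Only the pair seen in this report: arch 40000003 is AUDIT_ARCH_I386, where 192 is mmap2.
SYSCALLS = {("40000003", 192): "mmap2"}

def fields(record):
    """Split an audit record into its key=value pairs."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))

def event_id(record):
    """Return the 'timestamp:serial' that ties the records of one event together."""
    match = re.search(r"msg=audit\(([\d.]+:\d+)\)", record)
    return match.group(1) if match else None

def names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def explain(avc, syscall):
    """Decode the syscall that triggered an AVC from the same audit event."""
    if event_id(avc) is None or event_id(avc) != event_id(syscall):
        raise ValueError("records do not belong to the same audit event")
    f = fields(syscall)
    prot = int(f["a2"], 16)  # audit prints a0..a3 in hexadecimal
    return {
        "permissions": re.search(r"\{([^}]+)\}", avc).group(1).split(),
        "syscall": SYSCALLS.get((f["arch"], int(f["syscall"])), "unknown"),
        "length": int(f["a1"], 16),
        "prot": names(prot, PROT),
        "flags": names(int(f["a3"], 16), MAP),
        "writable_and_executable": (prot & 0x6) == 0x6,
        # An AVC "denied" next to success=yes means the policy only logged it (permissive).
        "blocked": f["success"] != "yes",
    }

if __name__ == "__main__":
    print(explain(AVC, SYSCALL))
```

With `blocked` false the mapping was granted, matching the report's "SELinux is in permissive mode" note; in enforcing mode the same request fails unless `allow_execmem` is on.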
Comment 1 Martin Stransky 2009-09-25 01:23:14 EDT
Actually the correct component here is thunderbird until we manage to build it with xulrunner.
Comment 2 John Brier 2009-09-25 09:46:34 EDT
Just so people can find this bug easier, if you run thunderbird from the command line you will get a seg fault like this:


$ thunderbird
/usr/lib/thunderbird-3.0b4/run-mozilla.sh: line 131:  8607 Segmentation fault      (core dumped) "$prog" ${1+"$@"}
Comment 3 Matěj Cepl 2009-09-29 09:27:30 EDT
(In reply to comment #2)
> Just so people can find this bug easier, if you run thunderbird from the
> command line you will get a seg fault like this:
> 
> 
> $ thunderbird
> /usr/lib/thunderbird-3.0b4/run-mozilla.sh: line 131:  8607 Segmentation fault  
>    (core dumped) "$prog" ${1+"$@"}  

Except that this is completely misleading ... almost every crash somewhere around Thunderbird (and Firefox) ends with this error message.
Comment 4 John Brier 2009-09-29 10:02:32 EDT
(In reply to comment #3)
> (In reply to comment #2)
> > Just so people can find this bug easier, if you run thunderbird from the
> > command line you will get a seg fault like this:
> > 
> > 
> > $ thunderbird
> > /usr/lib/thunderbird-3.0b4/run-mozilla.sh: line 131:  8607 Segmentation fault  
> >    (core dumped) "$prog" ${1+"$@"}  
> 
> Except that this is completely misleading ... almost every crash somewhere
> around Thunderbird (and Firefox) ends with this error message.  

OK, maybe they will find this BZ and then realize they should look at SELinux errors. If it's not related, fine. If it is, now they know their problem. I can make my comment private if you think it's that misleading. Whatever.
Comment 5 Orion Poplawski 2009-10-12 17:51:03 EDT
Ironically, this did help me find this, because of the words "Segmentation fault".  "setsebool allow_execmem=1" does prevent the segfault, so that is indeed the trigger.  Otherwise, just about any message composition crashes thunderbird.

#0  0x00bc7416 in __kernel_vsyscall ()                 
#1  0x008c1490 in raise (sig=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#2  0x00b1eeff in nsProfileLock::FatalSignalHandler (signo=<value optimized out>)              
    at nsProfileLock.cpp:212
#3  <signal handler called>                                                 
#4  initOpcode (op=<value optimized out>, this=0x3)                        
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/nanojit/LIR.cpp:603          
#5  nanojit::LirBufWriter::ins0 (op=<value optimized out>, this=0x3)   
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/nanojit/LIR.cpp:315          
#6  0x00e811ce in RegExpNativeCompiler::compile (this=<value optimized out>,
    cx=<value optimized out>)                     
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsregexp.cpp:2411
#7  0x00e78550 in CompileRegExpToNative (re=<value optimized out>, cx=<value optimized out>,   
    fragment=<value optimized out>)           
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsregexp.cpp:2475            
#8  GetNativeRegExp (re=<value optimized out>, cx=<value optimized out>,                       
    fragment=<value optimized out>)             
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsregexp.cpp:2510            
#9  MatchRegExp (re=<value optimized out>, cx=<value optimized out>,                           
    fragment=<value optimized out>)                       
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsregexp.cpp:3922            
#10 js_ExecuteRegExp (re=<value optimized out>, cx=<value optimized out>,  
    fragment=<value optimized out>)                    
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsregexp.cpp:4090            
#11 0x00e8cf4c in match_or_replace (cx=0x97857c00, glob=<value optimized out>,
    destroy=<value optimized out>, data=<value optimized out>, argc=<value optimized out>,     
    vp=<value optimized out>)        
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsstr.cpp:1346
#12 0x00e8ee5b in js_StringReplaceHelper (cx=<value optimized out>,
    argc=<value optimized out>, lambda=<value optimized out>, repstr=<value optimized out>,
    vp=<value optimized out>)                
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsstr.cpp:1797
#13 0x00e8f00c in str_replace (cx=<value optimized out>, argc=<value optimized out>,
    vp=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsstr.cpp:1759
#14 0x00e49ff7 in js_Interpret (cx=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsinterp.cpp:5147
#15 0x00e4fcc4 in js_Invoke (cx=<value optimized out>, argc=<value optimized out>,
    vp=<value optimized out>, flags=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/jsinterp.cpp:1394
#16 0x027f41d9 in nsXPCWrappedJSClass::CallMethod (this=<value optimized out>,
    wrapper=<value optimized out>, methodIndex=<value optimized out>,
    info=<value optimized out>, nativeParams=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
#17 0x027efb62 in nsXPCWrappedJS::CallMethod (this=<value optimized out>,
    methodIndex=<value optimized out>, info=<value optimized out>,
    params=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:569
#18 0x0021e0a2 in PrepareAndDispatch (methodIndex=<value optimized out>,
    self=<value optimized out>, args=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:95
#19 0x01aa95f3 in nsDOMWorkerMessageHandler::DispatchEvent (this=<value optimized out>,
    aEvent=0x967ef9b0, _retval=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/dom/src/threads/nsDOMWorkerMessageHandler.cpp:345
#20 0x01aa23aa in nsDOMWorkerScope::DispatchEvent (this=<value optimized out>,
    aEvent=<value optimized out>, _retval=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/dom/src/threads/nsDOMWorker.cpp:797
#21 0x01aa5fbd in nsDOMFireEventRunnable::Run (this=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/dom/src/threads/nsDOMWorker.cpp:863
#22 0x01aa1e99 in RunQueue (aCx=<value optimized out>, this=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/dom/src/threads/nsDOMThreadService.cpp:382
#23 nsDOMWorkerRunnable::Run (aCx=<value optimized out>, this=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/dom/src/threads/nsDOMThreadService.cpp:325
#24 0x002112f4 in nsThreadPool::Run (this=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/xpcom/threads/nsThreadPool.cpp:219
#25 0x0020ef6b in nsThread::ProcessNextEvent (this=<value optimized out>,
    mayWait=<value optimized out>, result=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/xpcom/threads/nsThread.cpp:521
#26 0x001d91b1 in NS_ProcessNextEvent_P (thread=<value optimized out>,
    mayWait=<value optimized out>) at nsThreadUtils.cpp:227
#27 0x0020f7dd in nsThread::ThreadFunc (arg=<value optimized out>)
    at /usr/src/debug/thunderbird-3.0/comm-central/mozilla/xpcom/threads/nsThread.cpp:254
#28 0x00137a72 in _pt_root (arg=0xa6faaf80)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:228
#29 0x008b89d5 in start_thread (arg=0x8a9fdb70) at pthread_create.c:297
#30 0x043c469e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Comment 6 Jan Horak 2009-10-15 09:57:18 EDT
Seems to be dup of bug #528762.

*** This bug has been marked as a duplicate of bug 528762 ***