Bug 527040
| Summary: | setroubleshoot: Your system may be seriously compromised! /usr/sbin/ntpd attempted to mmap low kernel memory. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> |
| Component: | selinux-policy | Assignee: | Eric Paris <eparis> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh, mcepl, mcepl, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:6e8b3d6f3be3b8f52f10e71e59ba9f0c78aa473bf17b51abd5301437b296fe8e | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-10-05 14:12:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 525537 *** |
The following was filed automatically by setroubleshoot: Souhrn: Your system may be seriously compromised! /usr/sbin/ntpd attempted to mmap low kernel memory. Podrobný popis: [SELinux is in permissive mode. This access was not denied.] SELinux has denied the ntpd the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised. Povolení přístupu: Contact your security administrator and report this issue. Další informace: Kontext zdroje system_u:system_r:ntpd_t:s0 Kontext cíle system_u:system_r:ntpd_t:s0 Objekty cíle None [ memprotect ] Zdroj ntpd Cesta zdroje /usr/sbin/ntpd Port <Neznámé> Počítač (removed) RPM balíčky zdroje ntp-4.2.4p7-6.fc12 RPM balíčky cíle RPM politiky selinux-policy-3.6.32-12.fc12 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu mmap_zero Název počítače (removed) Platforma Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Počet upozornění 1 Poprvé viděno So 3. říjen 2009, 17:23:00 CEST Naposledy viděno So 3. říjen 2009, 17:23:00 CEST Místní ID e4ba885d-aabe-41a2-a421-0e9c5f840f1a Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1254583380.806:10): avc: denied { mmap_zero } for pid=1662 comm="ntpd" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:ntpd_t:s0 tclass=memprotect node=(removed) type=SYSCALL msg=audit(1254583380.806:10): arch=c000003e syscall=125 success=no exit=-14 a0=7ffff7e32284 a1=0 a2=7ffff5dc0e80 a3=7fffdfe00600 items=0 ppid=1 pid=1662 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-12.fc12,mmap_zero,ntpd,ntpd_t,ntpd_t,memprotect,mmap_zero audit2allow suggests: #============= ntpd_t ============== allow ntpd_t self:memprotect mmap_zero;