Bug 529803
| Summary: | Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Chris Ward <cward> |
| Component: | selinux-policy | Assignee: | Eric Paris <eparis> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | cward, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:f364b5268636b6217de473c74108ef7834e71806a6350ae89653d53db585ed24 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-10-20 12:46:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 525537 *** |
Summary: Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory. Detailed Description: [nscd has a permissive type (nscd_t). This access was not denied.] SELinux has denied the nscd the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised. Allowing Access: Contact your security administrator and report this issue. Additional Information: Source Context system_u:system_r:nscd_t:s0 Target Context system_u:system_r:nscd_t:s0 Target Objects None [ memprotect ] Source nscd Source Path /usr/sbin/nscd Port <Unknown> Host (removed) Source RPM Packages nscd-2.10.90-25 Target RPM Packages Policy RPM selinux-policy-3.6.32-27.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name mmap_zero Host Name (removed) Platform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Alert Count 6 First Seen Tue 20 Oct 2009 08:14:45 AM CEST Last Seen Tue 20 Oct 2009 08:14:45 AM CEST Local ID 7e63389e-f037-4607-a5de-0a516487e28f Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1256019285.52:64): avc: denied { mmap_zero } for pid=2273 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=AVC msg=audit(1256019285.52:64): avc: denied { mmap_zero } for pid=2273 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=AVC msg=audit(1256019285.52:64): avc: denied { mmap_zero } for pid=2273 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=SYSCALL msg=audit(1256019285.52:64): arch=c000003e syscall=125 success=yes exit=0 a0=7fffedd191f4 a1=0 a2=7fffeb8b5e80 a3=24 items=0 ppid=2272 pid=2273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-27.fc12,mmap_zero,nscd,nscd_t,nscd_t,memprotect,mmap_zero audit2allow suggests: #============= nscd_t ============== allow nscd_t self:memprotect mmap_zero;