First Last Prev Next    This bug is not in your last search results.
Bug 123107 - selinux audit message from fetchmail
selinux audit message from fetchmail
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-05-12 11:41 EDT by Tim Waugh
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-12 13:46:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Tim Waugh 2004-05-12 11:41:54 EDT 
Description of problem:
While running 'fetchmail -a' in enforcing mode I get this audit message:

audit(1084375398.024:0): avc:  denied  { setrlimit } for  pid=5465
exe=/usr/bin/fetchmail scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=process

It comes from this code in fetchmail.c:

#ifdef HAVE_SETRLIMIT
    /*
     * Before getting passwords, disable core dumps unless -v -d0 mode
is on.
     * Core dumps could otherwise contain passwords to be scavenged by a
     * cracker.
     */
    if (outlevel < O_VERBOSE || run.poll_interval > 0)
    {
        struct rlimit corelimit;
        corelimit.rlim_cur = 0;
        corelimit.rlim_max = 0;
        setrlimit(RLIMIT_CORE, &corelimit);
    }
#endif /* HAVE_SETRLIMIT */

Version-Release number of selected component (if applicable):
fetchmail-6.2.5-2
policy-1.11.3-5

How reproducible:
100%

Steps to Reproduce:
1. Run 'fetchmail -a' with a valid config.
Comment 1 Daniel Walsh 2005-05-12 13:46:40 EDT 
Fetchmail runs under it's own context now so this is fixed.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.