Bug 178971 - OpenOffice apps need execmem
Summary: OpenOffice apps need execmem
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openoffice.org
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact:
URL:
Whiteboard:
Keywords: Security
: 178670 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-25 21:06 UTC by Daniel Walsh
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-01-27 09:09:00 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenOffice.org 47132 None None None Never

Description Daniel Walsh 2006-01-25 21:06:45 UTC
Description of problem:

javaldx
simpress.bin
soffice.bin

time->Mon Jan 23 13:45:59 2006
type=SYSCALL msg=audit(1138041959.854:3075): arch=40000003 syscall=192
success=yes exit=2203648 a0=0 a1=10000 a2=7 a3=22 items=0 pid=2953
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="javaldx" exe="/usr/lib/openoffice.org2.0/program/javaldx"
type=AVC msg=audit(1138041959.854:3075): avc:  granted  { execmem } for 
pid=2953 comm="javaldx" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process
----
time->Mon Jan 23 10:08:25 2006
type=SYSCALL msg=audit(1138028905.062:2627): arch=40000003 syscall=192
success=yes exit=31760384 a0=0 a1=30000 a2=7 a3=22 items=0 pid=7589
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="soffice.bin"
exe="/usr/lib/openoffice.org2.0/program/soffice.bin"
type=AVC msg=audit(1138028905.062:2627): avc:  granted  { execmem } for 
pid=7589 comm="soffice.bin" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process

----
time->Mon Jan 23 13:46:07 2006
type=SYSCALL msg=audit(1138041967.702:3077): arch=40000003 syscall=192
success=yes exit=11841536 a0=0 a1=10000 a2=7 a3=22 items=0 pid=2966
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="simpress.bin"
exe="/usr/lib/openoffice.org2.0/program/simpress.bin"
type=AVC msg=audit(1138041967.702:3077): avc:  granted  { execmem } for 
pid=2966 comm="simpress.bin" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process


http://people.redhat.com/drepper/selinux-mem.html

Comment 1 Caolan McNamara 2006-01-26 08:28:47 UTC
*** Bug 178670 has been marked as a duplicate of this bug. ***

Comment 2 Caolan McNamara 2006-01-26 08:34:11 UTC
All mem alloced by OOo is PROT_EXEC because some allocs need to be executable to
make the remote bridge uno stuff work, e.g. pyuno. 

But I think we should be able to turn off PROT_EXEC during alloc and mprotect it
at the bridge location.

Comment 3 Caolan McNamara 2006-01-27 09:09:00 UTC
Hopefully 2.0.1.1-8.2 resolves this


Note You need to log in before you can comment on or make changes to this bug.