215424 – firefox generates 'execstack' AVCs logging in to bugzilla/gmail

Bug 215424 - firefox generates 'execstack' AVCs logging in to bugzilla/gmail

Summary: firefox generates 'execstack' AVCs logging in to bugzilla/gmail

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC7Blocker
TreeView+	depends on / blocked

Reported:	2006-11-13 21:59 UTC by Tom London
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-11-14 17:48:22 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Output of 'about:plugins' (2.02 KB, text/plain) 2006-11-13 22:25 UTC, Tom London	no flags	Details
View All

Description Tom London 2006-11-13 21:59:25 UTC

Description of problem:
Running targeted/enforcing, logging in to fedora bugzilla or gmail causes
firefox to generate SELinux execstack AVCs:

type=AVC msg=audit(1163454858.017:40): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454858.017:40): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454858.018:41): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454858.018:41): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.483:42): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.483:42): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.483:43): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.483:43): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.488:44): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.488:44): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.488:45): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.488:45): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.497:46): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.497:46): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.498:47): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.498:47): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)


Version-Release number of selected component (if applicable):
firefox-2.0-2.fc7

How reproducible:
every time


Steps to Reproduce:
1. start firefox
2. browse to mail.google.com or bugzilla.redhat.com, login
3. check /var/log/audit/audit.log
  
Actual results:


Expected results:


Additional info:

Comment 1 Warren Togami 2006-11-13 22:22:52 UTC

Please do this:
1) Go to "about:plugins" in your browser.
2) Copy and paste that into a text file.
3) Attach that text file in this bug.

Comment 2 Tom London 2006-11-13 22:25:17 UTC

Created attachment 141115 [details]
Output of 'about:plugins'

Comment 3 Warren Togami 2006-11-13 22:33:16 UTC

Do the AVC's go away if you remove flash plugin?

You are using an ancient version of flash-plugin, which may be Bug #155230. 
Upgrade to 7.0.68 for the execstack problem specifically.

Text relocations can also cause AVC's in Bug #189622.  This is fixed in Adobe's
Flash 9 beta http://labs.adobe.com/technologies/flashplayer9/

Comment 4 Tom London 2006-11-13 22:45:48 UTC

Updated flash to 7.0.68.  No joy.  Still get the following logging in to gmail:

type=AVC msg=audit(1163457824.500:70): avc:  denied  { execstack } for  pid=4415
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163457824.500:70): arch=40000003 syscall=125 success=no
exit=-13 a0=bf92d000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4415
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163457824.500:71): avc:  denied  { execstack } for  pid=4415
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163457824.500:71): arch=40000003 syscall=125 success=no
exit=-13 a0=bf92d000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4415
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Will try beta 9.

Comment 5 Tom London 2006-11-13 22:50:47 UTC

No luck with beta 9.  Still get:


type=AVC msg=audit(1163458160.984:78): avc:  denied  { execstack } for  pid=4508
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163458160.984:78): arch=40000003 syscall=125 success=no
exit=-13 a0=bf8ab000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4508
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163458160.985:79): avc:  denied  { execstack } for  pid=4508
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163458160.985:79): arch=40000003 syscall=125 success=no
exit=-13 a0=bf8ab000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4508
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Here is the flash section of 'about:plugins':
Shockwave Flash

    File name: libflashplayer.so
    Shockwave Flash 9.0 d55

MIME Type 	Description 	Suffixes 	Enabled
application/x-shockwave-flash 	Shockwave Flash 	swf 	Yes
application/futuresplash 	FutureSplash Player 	spl 	Yes

Comment 6 Tom London 2006-11-13 23:09:32 UTC

Should have done this first: removed flash player altogether and still get them:

type=AVC msg=audit(1163459280.967:88): avc:  denied  { execstack } for  pid=4601
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163459280.967:88): arch=40000003 syscall=125 success=no
exit=-13 a0=bfc17000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4601
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163459280.968:89): avc:  denied  { execstack } for  pid=4601
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163459280.968:89): arch=40000003 syscall=125 success=no
exit=-13 a0=bfc17000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4601
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Comment 7 Warren Togami 2006-11-14 02:54:42 UTC

Thanks for the thorough testing.  This is definitely indicative of a regression
in rawhide firefox itself.

Comment 8 Daniel Walsh 2006-11-14 05:08:32 UTC

I am not seeing this on i386.  So this might be platform specific.

Comment 9 Tom London 2006-11-14 14:34:42 UTC

Hmmm.  I am seeing this on i386.

Could this be caused by an add-on?  Other plugin?

Comment 10 Tom London 2006-11-14 17:48:22 UTC

I think I tracked this down:

RealPlayer plugin is the villain:

Starting firefox with '-safe-mode' and entering 'about:plugins' produces the AVCs.

When this occurs, the following gets printed on the console window:
LoadPlugin: failed to initialize shared library
/usr/local/RealPlayer/mozilla/nphelix.so
[/usr/local/RealPlayer/mozilla/nphelix.so: cannot enable executable stack as
shared object requires: Permission denied]

Removing this plugin makes the problem go away.

Sorry for the false alarm.....

Note You need to log in before you can comment on or make changes to this bug.