Bug 215424 - firefox generates 'execstack' AVCs logging in to bugzilla/gmail
firefox generates 'execstack' AVCs logging in to bugzilla/gmail
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
:
Depends On:
Blocks: FC7Blocker
  Show dependency treegraph
 
Reported: 2006-11-13 16:59 EST by Tom London
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-14 12:48:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output of 'about:plugins' (2.02 KB, text/plain)
2006-11-13 17:25 EST, Tom London
no flags Details

  None (edit)
Description Tom London 2006-11-13 16:59:25 EST
Description of problem:
Running targeted/enforcing, logging in to fedora bugzilla or gmail causes
firefox to generate SELinux execstack AVCs:

type=AVC msg=audit(1163454858.017:40): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454858.017:40): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454858.018:41): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454858.018:41): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.483:42): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.483:42): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.483:43): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.483:43): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.488:44): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.488:44): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.488:45): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.488:45): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.497:46): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.497:46): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163454860.498:47): avc:  denied  { execstack } for  pid=4123
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163454860.498:47): arch=40000003 syscall=125 success=no
exit=-13 a0=bfa1b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4123
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)


Version-Release number of selected component (if applicable):
firefox-2.0-2.fc7

How reproducible:
every time


Steps to Reproduce:
1. start firefox
2. browse to mail.google.com or bugzilla.redhat.com, login
3. check /var/log/audit/audit.log
  
Actual results:


Expected results:


Additional info:
Comment 1 Warren Togami 2006-11-13 17:22:52 EST
Please do this:
1) Go to "about:plugins" in your browser.
2) Copy and paste that into a text file.
3) Attach that text file in this bug.
Comment 2 Tom London 2006-11-13 17:25:17 EST
Created attachment 141115 [details]
Output of 'about:plugins'
Comment 3 Warren Togami 2006-11-13 17:33:16 EST
Do the AVC's go away if you remove flash plugin?

You are using an ancient version of flash-plugin, which may be Bug #155230. 
Upgrade to 7.0.68 for the execstack problem specifically.

Text relocations can also cause AVC's in Bug #189622.  This is fixed in Adobe's
Flash 9 beta http://labs.adobe.com/technologies/flashplayer9/
Comment 4 Tom London 2006-11-13 17:45:48 EST
Updated flash to 7.0.68.  No joy.  Still get the following logging in to gmail:

type=AVC msg=audit(1163457824.500:70): avc:  denied  { execstack } for  pid=4415
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163457824.500:70): arch=40000003 syscall=125 success=no
exit=-13 a0=bf92d000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4415
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163457824.500:71): avc:  denied  { execstack } for  pid=4415
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163457824.500:71): arch=40000003 syscall=125 success=no
exit=-13 a0=bf92d000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4415
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Will try beta 9.

Comment 5 Tom London 2006-11-13 17:50:47 EST
No luck with beta 9.  Still get:


type=AVC msg=audit(1163458160.984:78): avc:  denied  { execstack } for  pid=4508
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163458160.984:78): arch=40000003 syscall=125 success=no
exit=-13 a0=bf8ab000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4508
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163458160.985:79): avc:  denied  { execstack } for  pid=4508
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163458160.985:79): arch=40000003 syscall=125 success=no
exit=-13 a0=bf8ab000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4508
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Here is the flash section of 'about:plugins':
Shockwave Flash

    File name: libflashplayer.so
    Shockwave Flash 9.0 d55

MIME Type 	Description 	Suffixes 	Enabled
application/x-shockwave-flash 	Shockwave Flash 	swf 	Yes
application/futuresplash 	FutureSplash Player 	spl 	Yes

Comment 6 Tom London 2006-11-13 18:09:32 EST
Should have done this first: removed flash player altogether and still get them:

type=AVC msg=audit(1163459280.967:88): avc:  denied  { execstack } for  pid=4601
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163459280.967:88): arch=40000003 syscall=125 success=no
exit=-13 a0=bfc17000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4601
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163459280.968:89): avc:  denied  { execstack } for  pid=4601
comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163459280.968:89): arch=40000003 syscall=125 success=no
exit=-13 a0=bfc17000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4601
auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

Comment 7 Warren Togami 2006-11-13 21:54:42 EST
Thanks for the thorough testing.  This is definitely indicative of a regression
in rawhide firefox itself.
Comment 8 Daniel Walsh 2006-11-14 00:08:32 EST
I am not seeing this on i386.  So this might be platform specific.
Comment 9 Tom London 2006-11-14 09:34:42 EST
Hmmm.  I am seeing this on i386.

Could this be caused by an add-on?  Other plugin?
Comment 10 Tom London 2006-11-14 12:48:22 EST
I think I tracked this down:

RealPlayer plugin is the villain:

Starting firefox with '-safe-mode' and entering 'about:plugins' produces the AVCs.

When this occurs, the following gets printed on the console window:
LoadPlugin: failed to initialize shared library
/usr/local/RealPlayer/mozilla/nphelix.so
[/usr/local/RealPlayer/mozilla/nphelix.so: cannot enable executable stack as
shared object requires: Permission denied]

Removing this plugin makes the problem go away.

Sorry for the false alarm.....

Note You need to log in before you can comment on or make changes to this bug.