Red Hat Bugzilla – Bug 250879
SELinux-Boolean-Memory Protection Lines Allowed By Default
Last modified: 2007-11-30 17:12:12 EST
Description of problem:
By default, two SELinux-Boolean-Memory Protection lines are "allowed":
1 - "Allow unconfined executables to make their stack executable"
2 - "Allow Unconfined Executables to map a memory region as both executable and
writable".
Both lines include warnings to the effect that, if allowed, "this
executable" should be reported to bugzilla. I reported this same situation as
Bug#235103 for Fedora Core 6, but didn't have any additional information to add
to that bug report. That report is now closed.
Version-Release number of selected component (if applicable):
New install, with default packages installed.
Created attachment 160684
I didn't realize that when the new install of Fedora 7 updated, SELinux Policy
also updated. The correct version is: 2.6.4-30.fc7.
This is intended for FC7 to have these turned on. The problem is lots of
applications have this bad behavior built into them, and we wanted to give
applications a chance to fix these problems. Currently Rawhide/FC8 has them
turned off by default.
Here is the response from the Livna Bugzilla team concerning the SELinux lines:
"Thx for this feedback Rqbert L. Kief !
That was hard but now this issue has to be documented!
Maybe we (Steward and I) can raise this problem to nvidia; but until then, we
need to have this info written in our Fedora forums...
I will update the French wiki as soon as I'm back from vacation..."
Obviously, they were unaware of the SELinux-Memory Protection issue. Would I be
correct in assuming that the various bugzilla groups depend on the users to let
them know of these interconnected problems? Would that be the reason that the
warning text was left on the indicated lines in the Memory Protection area?
This is the only way to bring these problems to the attention of the required