Bug 253520 - SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from changing the access protection of memory on the heap.
SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from changing the ...
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: firefox-32 (Show other bugs)
7
i686 Linux
low Severity low
: ---
: ---
Assigned To: Warren Togami
Fedora Extras Quality Assurance
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-20 08:28 EDT by The Hermit
Modified: 2008-08-02 19:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-10 05:46:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description The Hermit 2007-08-20 08:28:36 EDT
Description of problem:

The /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to change the
access protection of memory on the heap (e,g., allocated using malloc). This is
a potential security problem. Applications should not be doing this.
Applications are sometimes coded incorrectly and request this permission. The
SELinux Memory Protection Tests web page explains how to remove this
requirement. If /usr/lib/firefox-2.0.0.5/firefox-bin does not work and you need
it to work, you can configure SELinux temporarily to allow this access until the
application is fixed. Please file a bug report against this package.
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Source Context:  root:system_r:unconfined_t:SystemLow-SystemHighTarget 

Context:  root:system_r:unconfined_t:SystemLow-SystemHighTarget Objects:  None [
process ]Affected RPM Packages:  firefox-2.0.0.5-1.fc7 [application]Policy 

RPM:  selinux-policy-2.6.4-33.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS 

Enabled:  TrueEnforcing Mode:  PermissivePlugin
Name:  plugins.allow_execheapHost Name:  localhost.localdomainPlatform:  Linux
localhost.localdomain 2.6.22.1-41.fc7 #1 SMP Fri Jul 27 18:10:34 EDT 2007 i686
i686Alert Count:  1First Seen:  Mon 20 Aug 2007 07:19:35 AM CDTLast Seen:  Mon
20 Aug 2007 07:19:35 AM CDTLocal ID:  f70189fa-9d90-4022-8417-9e6e4f2cceafLine
Numbers:  Raw Audit Messages :avc: denied { execheap } for comm="firefox-bin"
egid=0 euid=0 exe="/usr/lib/firefox-2.0.0.5/firefox-bin" exit=0 fsgid=0 fsuid=0
gid=0 items=0 pid=10835 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023
sgid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tty=(none) uid=0
Comment 1 Matěj Cepl 2008-03-06 12:25:07 EST
Reporter, have you reproduced this bug with the current update of your system?
Comment 2 Matěj Cepl 2008-04-10 05:46:09 EDT
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

Note You need to log in before you can comment on or make changes to this bug.