Bug 297501 - Unable to read pdf with acrobat from firefox
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-09-20 03:34 EDT by Dave Pawson
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-09-21 15:07:53 EDT
Description Dave Pawson 2007-09-20 03:34:48 EDT
Description of problem: Web page, read with firefox. Link to pdf document.
I've set ff to open acroread when I open a PDF document.


Version-Release number of selected component (if applicable):


How reproducible: Open a pdf document with selinux set on.


Steps to Reproduce:
1. double click a pdf document
Actual results:


Expected results:
The /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to load
/usr/lib/mozilla/plugins/nppdf.so which requires text relocation. This is a
potential security problem. Most libraries do not need this permission.
Libraries are sometimes coded incorrectly and request this permission. The
SELinux Memory Protection Tests web page explains how to remove this
requirement. You can configure SELinux temporarily to allow
/usr/lib/mozilla/plugins/nppdf.so to use relocation as a workaround, until the
library is fixed. Please file a bug report against this package.

Additional info:
Comment 1 Daniel Walsh 2007-09-21 15:07:53 EDT
If you moved this file here, you need to label it correctly.


Currently Adobe has a bug where they build this incorrectly.

We have labeling set up for this in the default locations.
/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so  --  system_u:object_r:textrel_shlib_t:s0
/usr/(local/)?acroread/(.*/)?intellinux/nppdf\.so  --  system_u:object_r:textrel_shlib_t:s0
/usr/lib/acroread/(.*/)?nppdf\.so  --  system_u:object_r:textrel_shlib_t:s0

You can add a context for this new location if you want.

# semanage fcontext -a -t textrel_shlib_t /usr/lib/mozilla/plugins/nppdf.so
# restorecon /usr/lib/mozilla/plugins/nppdf.so

I am closing this as not a bug since I don't believe this is a default location
for this file.
Comment 2 Dave Pawson 2007-09-22 00:55:59 EDT
"If you moved this file here, you need to label it correctly."

What does that mean?

What is 'this'?
Where is 'here'?

Which file, and where do you think it should be?

Comment 3 Daniel Walsh 2007-09-22 07:52:46 EDT
The /usr/lib/mozilla/plugins/nppdf.so file from Adobe (I think) has been built
incorrectly, so it is requiring a special label (textrel_shlib_t).

I have only seen this shipped in locations that match this path.

/usr/(local/)?acroread/(.*/)?intellinux/nppdf\.so
/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so

So I do not know how this file got to the location it is in on your machine.  If
you execute the semanage/restorecon commands above, it will work for you.

I am questioning how this file got to /usr/lib/mozilla/plugins/nppdf.so

What does
rpm -qf /usr/lib/mozilla/plugins/nppdf.so
show?
Comment 4 Dave Pawson 2007-09-22 10:09:34 EDT
file /usr/lib/mozilla/plugins/nppdf.so is not owned by any package
Not helpful is it!

IIRC I installed it from the Adobe website, so I'm unsure how
you can criticize the way it's been built, it is their product?

regards 
Comment 5 Daniel Walsh 2007-09-24 15:21:28 EDT
OK, you can change the file context using the commands described above and that
should fix it.

# semanage fcontext -a -t textrel_shlib_t /usr/lib/mozilla/plugins/nppdf.so
# restorecon /usr/lib/mozilla/plugins/nppdf.so

Or get their RPMs and install them, which will set the labeling correctly.

http://people.redhat.com/~drepper/selinux-mem.html

explains the problem in how they built their library.
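
Added example, not part of the original thread or of the selinux-policy project: a simplified Python model of how the file-context entries quoted in Comments 1 and 3 are matched, showing why /usr/lib/mozilla/plugins/nppdf.so is not covered by them and what the semanage entry changes. The sample paths other than the reporter's, the helper names and the escaped-dot variant are assumptions of this example.

```python
import re

# The three default file-context entries quoted in Comment 1: (regex, type).
DEFAULT_ENTRIES = [
    (r"/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so", "textrel_shlib_t"),
    (r"/usr/(local/)?acroread/(.*/)?intellinux/nppdf\.so", "textrel_shlib_t"),
    (r"/usr/lib/acroread/(.*/)?nppdf\.so", "textrel_shlib_t"),
]
# The spec passed to `semanage fcontext -a` in the thread (dot left unescaped),
# and a tighter variant with the dot escaped (an assumption of this example).
LOCAL_AS_POSTED = [(r"/usr/lib/mozilla/plugins/nppdf.so", "textrel_shlib_t")]
LOCAL_ESCAPED = [(r"/usr/lib/mozilla/plugins/nppdf\.so", "textrel_shlib_t")]


def lookup_type(path, entries):
    """Return the type of the first entry whose regex matches the whole path.

    Simplified model: file-context regexes are anchored at both ends, so a
    spec must match the full path, not a substring. Real precedence rules
    between overlapping entries are not modelled.
    """
    for pattern, setype in entries:
        if re.fullmatch(pattern, path):
            return setype
    return None


def report(paths, entries):
    """Map each path to the matching type, or None if no entry applies."""
    return {p: lookup_type(p, entries) for p in paths}


if __name__ == "__main__":
    reporter_path = "/usr/lib/mozilla/plugins/nppdf.so"
    sample_paths = [  # constructed sample paths, apart from the reporter's
        reporter_path,
        "/usr/local/Adobe/Acrobat7.0/Browser/intellinux/nppdf.so",
        "/usr/lib/acroread/nppdf.so",
        "/opt/usr/lib/acroread/nppdf.so",
    ]
    for path, setype in report(sample_paths, DEFAULT_ENTRIES).items():
        print(f"{setype or 'no entry above applies':<24} {path}")
    # With the local entry added, the reporter's path resolves as intended.
    print(lookup_type(reporter_path, LOCAL_AS_POSTED + DEFAULT_ENTRIES))
    # The unescaped dot also matches other names; the escaped form does not.
    print(lookup_type("/usr/lib/mozilla/plugins/nppdfXso", LOCAL_AS_POSTED))
    print(lookup_type("/usr/lib/mozilla/plugins/nppdfXso", LOCAL_ESCAPED))
```

A result of None only means that none of the listed entries applies; the file then takes whatever label the rest of the policy assigns to that directory.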
