Bug 322231 - firefox triggers selinux execheap alert
firefox triggers selinux execheap alert
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
7
i386 Linux
low Severity low
: ---
: ---
Assigned To: Christopher Aillon
Fedora Extras Quality Assurance
firefox3INSUFFICIENT_DATAmassClosing
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-07 11:53 EDT by Eugene Kanter
Modified: 2008-04-09 10:05 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-09 10:05:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eugene Kanter 2007-10-07 11:53:18 EDT
F7 completely updated.

Description of problem:
Summary
    SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from changing the
    access protection of memory on the heap.

Detailed Description
    The /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to change the
    access protection of memory on the heap (e,g., allocated using malloc).
    This is a potential security problem.  Applications should not be doing
    this. Applications are sometimes coded incorrectly and request this
    permission.  The http://people.redhat.com/drepper/selinux-mem.html web page
    explains how to remove this requirement.  If /usr/lib/firefox-2.0.0.5
    /firefox-bin does not work and you need it to work, you can configure
    SELinux temporarily to allow this access until the application is fixed.
    Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
    package.

Version-Release number of selected component (if applicable):

firefox-2.0.0.5-1.fc7

How reproducible:

unknown

Steps to Reproduce:

Started firefox as root, accessed www.suncast.com and then fence products

Additional information:
Additional Information        

Source Context                root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context                root:system_r:unconfined_t:SystemLow-SystemHigh
Target Objects                None [ process ]
Affected RPM Packages         firefox-2.0.0.5-1.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-45.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execheap
Host Name                     sklad
Platform                      Linux sklad 2.6.22.9-91.fc7 #1 SMP Thu Sep 27
                              23:10:59 EDT 2007 i686 athlon
Alert Count                   1
First Seen                    Sun 07 Oct 2007 11:19:22 AM EDT
Last Seen                     Sun 07 Oct 2007 11:19:22 AM EDT
Local ID                      189ce4ef-38e4-485b-8699-d9351eed8022
Line Numbers                  

Raw Audit Messages            

avc: denied { execheap } for comm="firefox-bin" egid=0 euid=0
exe="/usr/lib/firefox-2.0.0.5/firefox-bin" exit=-13 fsgid=0 fsuid=0 gid=0
items=0 pid=6280 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tty=(none) uid=0
Comment 1 Matěj Cepl 2008-02-21 17:34:49 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 2 Matěj Cepl 2008-02-21 17:36:08 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 3 Matěj Cepl 2008-04-09 10:05:17 EDT
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

[This is a mass-closing request, if you think that this bug shouldn't be closed,
please, reopen with additional information.]

Note You need to log in before you can comment on or make changes to this bug.