Bug 510619 - The pidgin application attempted to make its stack executable.
The pidgin application attempted to make its stack executable.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: pidgin (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Warren Togami
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12Target
  Show dependency treegraph
 
Reported: 2009-07-09 17:27 EDT by Nicolas Mailhot
Modified: 2009-11-09 15:17 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-09 15:17:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nicolas Mailhot 2009-07-09 17:27:22 EDT
The pidgin application attempted to make its stack executable. This is a potential security problem. This should never ever be necessary. Stack memory is not executable on most OSes these days and this will not change. Executable stack memory is one of the biggest security problems. An execstack error might in fact be most likely raised by malicious code. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If pidgin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. 


node= type=AVC msg=audit(1246799189.946:33821): avc: denied { execstack } for pid=11601 comm="pidgin" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=arekh.okg type=SYSCALL msg=audit(1246799189.946:33821): arch=c000003e syscall=10 success=yes exit=0 a0=7ffffa8fc000 a1=1000 a2=1000007 a3=37f6a1a121 items=0 ppid=11478 pid=11601 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=15 comm="pidgin" exe="/usr/bin/pidgin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) 

pidgin-2.5.8-1.fc12
selinux-policy-3.6.20-2.fc12
Comment 1 Warren Togami 2009-07-09 18:58:53 EDT
Are you using any plugins not shipped within pidgin itself?
Comment 2 Nicolas Mailhot 2009-07-09 20:06:46 EDT
No. Pure week-old fedora install with nothing pidgin-related added
Comment 3 Warren Togami 2009-10-20 18:42:50 EDT
Still an issue now?
Comment 4 Nicolas Mailhot 2009-10-21 13:14:44 EDT
I haven't seen it lately, not sure if the bug was actually fixed or selinux silenced
Comment 5 Warren Togami 2009-11-09 15:17:34 EST
assuming fixed

Note You need to log in before you can comment on or make changes to this bug.