510619 – The pidgin application attempted to make its stack executable.

Bug 510619 - The pidgin application attempted to make its stack executable.

Summary: The pidgin application attempted to make its stack executable.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pidgin
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Warren Togami
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F12Target
TreeView+	depends on / blocked

Reported:	2009-07-09 21:27 UTC by Nicolas Mailhot
Modified:	2009-11-09 20:17 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-11-09 20:17:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nicolas Mailhot 2009-07-09 21:27:22 UTC

The pidgin application attempted to make its stack executable. This is a potential security problem. This should never ever be necessary. Stack memory is not executable on most OSes these days and this will not change. Executable stack memory is one of the biggest security problems. An execstack error might in fact be most likely raised by malicious code. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If pidgin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. 


node= type=AVC msg=audit(1246799189.946:33821): avc: denied { execstack } for pid=11601 comm="pidgin" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=arekh.okg type=SYSCALL msg=audit(1246799189.946:33821): arch=c000003e syscall=10 success=yes exit=0 a0=7ffffa8fc000 a1=1000 a2=1000007 a3=37f6a1a121 items=0 ppid=11478 pid=11601 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=15 comm="pidgin" exe="/usr/bin/pidgin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) 

pidgin-2.5.8-1.fc12
selinux-policy-3.6.20-2.fc12

Comment 1 Warren Togami 2009-07-09 22:58:53 UTC

Are you using any plugins not shipped within pidgin itself?

Comment 2 Nicolas Mailhot 2009-07-10 00:06:46 UTC

No. Pure week-old fedora install with nothing pidgin-related added

Comment 3 Warren Togami 2009-10-20 22:42:50 UTC

Still an issue now?

Comment 4 Nicolas Mailhot 2009-10-21 17:14:44 UTC

I haven't seen it lately, not sure if the bug was actually fixed or selinux silenced

Comment 5 Warren Togami 2009-11-09 20:17:34 UTC

assuming fixed

Note You need to log in before you can comment on or make changes to this bug.