Bug 514980 - Your system may be seriously compromised!
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
Blocks: F12Blocker/F12FinalBlocker
Reported: 2009-07-31 14:29 EDT by Nicolas Mailhot
Modified: 2013-04-30 19:44 EDT
Doc Type: Bug Fix
Last Closed: 2009-08-06 07:11:26 EDT
Description Nicolas Mailhot 2009-07-31 14:29:48 EDT
Your system may be seriously compromised!

SELinux has denied the named the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised.

Contact your security administrator and report this issue.


Contexte source:  unconfined_u:system_r:named_t:s0
Contexte cible:  unconfined_u:system_r:named_t:s0
Objets du contexte:  None [ memprotect ]
source:  named
Chemin de la source:  /usr/sbin/named
Port:  <Inconnu>
Hôte:  
Paquetages RPM source:  bind-9.6.1-6.P1.fc12
Paquetages RPM cible:  
Politique RPM:  selinux-policy-3.6.26-2.fc12
Selinux activé:  True
Type de politique:  targeted
MLS activé:  True
Mode strict:  Enforcing
Nom du plugin:  mmap_zero
Nom de l'hôte:  
Plateforme:  Linux  2.6.31-0.112.rc4.git3.fc12.x86_64 #1 SMP Thu Jul 30 15:29:28 EDT 2009 x86_64 x86_64
Compteur d'alertes:  12
Première alerte:  ven. 31 juil. 2009 20:19:00 CEST
Dernière alerte:  ven. 31 juil. 2009 20:19:00 CEST
ID local:  f0c205ff-5c07-40c7-b0c0-bb040db09024
Numéros des lignes:  
Messages d'audit bruts :

node= type=AVC msg=audit(1249064340.25:68): avc: denied { mmap_zero } for pid=2844 comm="named" scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:system_r:named_t:s0 tclass=memprotect

node= type=AVC msg=audit(1249064340.25:68): avc: denied { mmap_zero } for pid=2844 comm="named" scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:system_r:named_t:s0 tclass=memprotect

node= type=AVC msg=audit(1249064340.25:68): avc: denied { mmap_zero } for pid=2844 comm="named" scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:system_r:named_t:s0 tclass=memprotect

node= type=SYSCALL msg=audit(1249064340.25:68): arch=c000003e syscall=125 success=yes exit=0 a0=7fffdf697374 a1=0 a2=7fffdbf1fe80 a3=24 items=0 ppid=2843 pid=2844 auid=500 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=1 comm="named" exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0 key=(null)
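
Added example (not part of the original report or of any Fedora tooling): a short Python triage helper that groups audit records by event id and shows which system call an mmap_zero denial was raised in. The function name is hypothetical and the syscall table is a small x86_64 subset chosen for this illustration.

```python
import re
from collections import defaultdict

# Subset of the x86_64 syscall table (audit arch=c000003e); extend as needed.
X86_64_SYSCALLS = {9: "mmap", 10: "mprotect", 12: "brk", 25: "mremap",
                   125: "capget", 126: "capset"}
MAPPING_SYSCALLS = {"mmap", "mprotect", "mremap", "brk"}
EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\)")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def triage_mmap_zero(log_text):
    """Correlate mmap_zero AVC denials with the SYSCALL record of the same event."""
    events = defaultdict(lambda: {"avc": [], "syscall": {}})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        perms = PERMS.search(line)
        if rtype == "AVC" and perms and "mmap_zero" in perms.group(1).split():
            events[event_id]["avc"].append(fields)
        elif rtype == "SYSCALL":
            events[event_id]["syscall"] = fields
    findings = []
    for event_id, ev in events.items():
        if not ev["avc"]:
            continue  # event carries no mmap_zero denial
        sc, avc = ev["syscall"], ev["avc"][0]
        ctx = avc.get("scontext", "").split(":")
        name = None  # stays None when there is no SYSCALL record or another arch
        if sc.get("arch") == "c000003e" and sc.get("syscall", "").isdigit():
            name = X86_64_SYSCALLS.get(int(sc["syscall"]), "syscall#" + sc["syscall"])
        findings.append({"event": event_id, "comm": avc.get("comm"),
                         "domain": ctx[2] if len(ctx) > 2 else None,
                         "avc_records": len(ev["avc"]), "uid": sc.get("uid"),
                         "syscall": name, "mapping_syscall": name in MAPPING_SYSCALLS})
    return findings

# Sample input from the report: the AVC record (logged three times) and the SYSCALL record, abridged.
AVC = ('node= type=AVC msg=audit(1249064340.25:68): avc: denied { mmap_zero } for pid=2844 comm="named" '
       'scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:system_r:named_t:s0 tclass=memprotect')
SYSCALL = ('node= type=SYSCALL msg=audit(1249064340.25:68): arch=c000003e syscall=125 success=yes exit=0 '
           'ppid=2843 pid=2844 auid=500 uid=25 comm="named" exe="/usr/sbin/named" key=(null)')
SAMPLE = "\n".join([AVC] * 3 + [SYSCALL])

if __name__ == "__main__":
    print(triage_mmap_zero(SAMPLE))
```

For the event in this report the correlated SYSCALL record is number 125 on x86_64, which is capget, not a memory-mapping call.
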
Comment 1 Adam Tkac 2009-08-04 10:54:10 EDT
Would it be possible to tell me how you reproduced this issue, please? I have installed:

bind-9.6.1-6.P1.fc12.x86_64
selinux-policy-targeted-3.6.26-2.fc12.noarch

and I'm running on 2.6.31-0.118.rc5.fc12.x86_64 kernel with no SELinux denial.
Comment 2 Nicolas Mailhot 2009-08-05 03:21:05 EDT
If I can reproduce it I'll post the info. There have been several selinux, bind and glibc updates in rawhide since
Comment 3 Adam Tkac 2009-08-06 07:11:26 EDT
(In reply to comment #2)
> If I can reproduce it I'll post the info. There have been several selinux, bind
> and glibc updates in rawhide since  

Ok, if it happens again please reopen this issue. For now I'm closing this ticket.
