527040 – setroubleshoot: Your system may be seriously compromised! /usr/sbin/ntpd attempted to mmap low kernel memory.

Bug 527040 - setroubleshoot: Your system may be seriously compromised! /usr/sbin/ntpd attempted to mmap low kernel memory.

Summary: setroubleshoot: Your system may be seriously compromised! /usr/sbin/ntpd...

Keywords:
Status:	CLOSED DUPLICATE of bug 525537
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Eric Paris
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	setroubleshoot_trace_hash:6e8b3d6f3be...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-03 15:28 UTC by Matěj Cepl
Modified:	2018-04-11 06:52 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-10-05 14:12:21 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Matěj Cepl 2009-10-03 15:28:55 UTC

The following was filed automatically by setroubleshoot:

Souhrn:

Your system may be seriously compromised! /usr/sbin/ntpd attempted to mmap low
kernel memory.

Podrobný popis:

[SELinux is in permissive mode. This access was not denied.]

SELinux has denied the ntpd the ability to mmap low area of the kernel address
space. The ability to mmap a low area of the address space, as configured by
/proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against
exploiting null deref bugs in the kernel. All applications that need this access
should have already had policy written for them. If a compromised application
tries modify the kernel this AVC would be generated. This is a serious issue.
Your system may very well be compromised.

Povolení přístupu:

Contact your security administrator and report this issue.

Další informace:

Kontext zdroje                system_u:system_r:ntpd_t:s0
Kontext cíle                 system_u:system_r:ntpd_t:s0
Objekty cíle                 None [ memprotect ]
Zdroj                         ntpd
Cesta zdroje                  /usr/sbin/ntpd
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          ntp-4.2.4p7-6.fc12
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.6.32-12.fc12
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     mmap_zero
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue
                              Sep 29 16:16:22 EDT 2009 x86_64 x86_64
Počet upozornění           1
Poprvé viděno               So 3. říjen 2009, 17:23:00 CEST
Naposledy viděno             So 3. říjen 2009, 17:23:00 CEST
Místní ID                   e4ba885d-aabe-41a2-a421-0e9c5f840f1a
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1254583380.806:10): avc:  denied  { mmap_zero } for  pid=1662 comm="ntpd" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:ntpd_t:s0 tclass=memprotect

node=(removed) type=SYSCALL msg=audit(1254583380.806:10): arch=c000003e syscall=125 success=no exit=-14 a0=7ffff7e32284 a1=0 a2=7ffff5dc0e80 a3=7fffdfe00600 items=0 ppid=1 pid=1662 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-12.fc12,mmap_zero,ntpd,ntpd_t,ntpd_t,memprotect,mmap_zero
audit2allow suggests:

#============= ntpd_t ==============
allow ntpd_t self:memprotect mmap_zero;

Comment 1 Eric Paris 2009-10-05 14:12:21 UTC


*** This bug has been marked as a duplicate of bug 525537 ***

Note You need to log in before you can comment on or make changes to this bug.