590426 – SELinux is preventing /sbin/rpcbind access to a leaked /bin/sh file descriptor.

Bug 590426 - SELinux is preventing /sbin/rpcbind access to a leaked /bin/sh file descriptor.

Summary: SELinux is preventing /sbin/rpcbind access to a leaked /bin/sh file descriptor.

Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpcbind
Sub Component:
Version:	13
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Steve Dickson
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	setroubleshoot_trace_hash:b2eca3596eb...
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-09 13:51 UTC by guy carmin
Modified:	2011-06-27 16:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2011-06-27 16:11:59 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description guy carmin 2010-05-09 13:51:28 UTC

Summary:

SELinux is preventing /sbin/rpcbind access to a leaked /bin/sh file descriptor.

Detailed Description:

SELinux denied access requested by the rpcbind command. It looks like this is
either a leaked descriptor or rpcbind output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /bin/sh. You should generate a bugzilla on selinux-policy, and it will get
routed to the appropriate package. You can safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                system_u:system_r:rpcbind_t:s0
Target Context                system_u:object_r:bin_t:s0
Target Objects                /bin/sh [ lnk_file ]
Source                        rpcbind
Source Path                   /sbin/rpcbind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           rpcbind-0.2.0-4.fc12
Target RPM Packages           bash-4.1.2-4.fc13
Policy RPM                    selinux-policy-3.7.19-10.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.3-72.fc13.x86_64 #1 SMP Wed
                              Apr 28 15:48:01 UTC 2010 x86_64 x86_64
Alert Count                   210
First Seen                    Sun 25 Apr 2010 10:14:38 AM IDT
Last Seen                     Thu 06 May 2010 10:53:04 AM IDT
Local ID                      3a32318b-5bb9-4fbb-8db2-abecbb217263
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1273132384.38:55): avc:  denied  { read } for  pid=4698 comm="rpcbind" name="sh" dev=dm-0 ino=135034 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file

node=(removed) type=SYSCALL msg=audit(1273132384.38:55): arch=c000003e syscall=59 success=no exit=-13 a0=7f5c55d0fd91 a1=7fffe2ab0df0 a2=7fffe2ab87e8 a3=7fffe2ab2c00 items=0 ppid=1369 pid=4698 auid=4294967295 uid=32 gid=32 euid=32 suid=32 fsuid=32 egid=32 sgid=32 fsgid=32 tty=(none) ses=4294967295 comm="rpcbind" exe="/sbin/rpcbind" subj=system_u:system_r:rpcbind_t:s0 key=(null)



Hash String generated from  leaks,rpcbind,rpcbind_t,bin_t,lnk_file,read
audit2allow suggests:

#============= rpcbind_t ==============
allow rpcbind_t bin_t:lnk_file read;

Comment 1 Daniel Walsh 2010-05-10 18:18:23 UTC

Any idea what is going on here.  It looks like it is trying to read /bin/sh?

Did you setup rpcbind to exec a shell?

Comment 2 guy carmin 2010-05-10 19:33:18 UTC

nop, How should I do that?

Comment 3 Daniel Walsh 2010-05-11 13:59:26 UTC

I guess not.

I am reassigning to rpcbind to see if they know what is going on.

Comment 4 Bug Zapper 2011-06-02 14:19:09 UTC

This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Bug Zapper 2011-06-27 16:11:59 UTC

Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.