Bug 659154 - Your system may be seriously compromised!
Summary: Your system may be seriously compromised!
Keywords:
Status: CLOSED DUPLICATE of bug 659145
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:216a4e3f1a1...
Depends On:
Blocks:
Reported: 2010-12-02 01:30 UTC by maurizio
Modified: 2010-12-08 19:18 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-02 09:36:33 UTC
Type: ---
Embargoed:



Description maurizio 2010-12-02 01:30:54 UTC
Summary:

Your system may be seriously compromised!

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has prevented /usr/share/syst from modifying $TARGET. This denial
indicates /usr/share/syst was trying to modify the selinux policy configuration.
All applications that need this access should have already had policy written
for them. If a compromised application tries to modify the SELinux policy this
AVC will be generated. This is a serious issue. Your system may very well be
compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                mauricio:user_r:user_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:semanage_store_t:s0
Target Objects                /etc/selinux/targeted/modules/active/modules [ dir
                              ]
Source                        /usr/share/syst
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           python-2.6.4-25.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-69.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   selinuxpolicy
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.3-85.fc13.i686
                              #1 SMP Thu May 6 18:44:12 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 01 Dec 2010 05:41:48 PM MST
Last Seen                     Wed 01 Dec 2010 05:41:48 PM MST
Local ID                      00247bfe-5f13-462e-ae8b-bf03ed242f30
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1291250508.509:38): avc:  denied  { write } for  pid=2601 comm="/usr/share/syst" name="modules" dev=dm-0 ino=133405 scontext=mauricio:user_r:user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1291250508.509:38): arch=40000003 syscall=33 success=yes exit=0 a0=c5cbf00 a1=7 a2=791424 a3=c5cbea0 items=0 ppid=2583 pid=2601 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="/usr/share/syst" exe="/usr/bin/python" subj=mauricio:user_r:user_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinuxpolicy,/usr/share/syst,user_t,semanage_store_t,dir,write
audit2allow suggests:

#============= user_t ==============
#!!!! The source type 'user_t' can write to a 'dir' of the following types:
# gpg_pinentry_tmp_t, sandbox_file_type, tmp_t, httpd_user_content_t, user_home_dir_t, user_tmpfs_t, screen_var_run_t, mail_spool_t, mqueue_spool_t, tmpfs_t, gpg_agent_tmp_t, sandbox_file_type, user_tmp_t, httpd_user_script_exec_t, user_home_type, user_fonts_t, user_fonts_config_t, nfsd_rw_t, httpd_user_ra_content_t, httpd_user_rw_content_t, user_fonts_cache_t, screen_home_t, sshd_tmp_t, xdm_tmp_t, noxattrfs, dosfs_t

allow user_t semanage_store_t:dir write;

Comment 1 Miroslav Grepl 2010-12-02 09:36:33 UTC

*** This bug has been marked as a duplicate of bug 659145 ***

