661807 – SELinux is preventing /lib/ld-2.12.90.so "execstack" access on <Unknown>.

Bug 661807 - SELinux is preventing /lib/ld-2.12.90.so "execstack" access on <Unknown>.

Summary: SELinux is preventing /lib/ld-2.12.90.so "execstack" access on <Unknown>.

Keywords:
Status:	CLOSED DUPLICATE of bug 652297
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-12-09 17:16 UTC by Simon
Modified:	2010-12-10 19:53 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-10 19:53:13 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Simon 2010-12-09 17:16:36 UTC

Summary:

SELinux is preventing /lib/ld-2.12.90.so "execstack" access on <Unknown>.

Detailed Description:

SELinux denied access requested by ld-linux.so.2. The current boolean settings
do not allow this access. If you have not setup ld-linux.so.2 to require this
access this may signal an intrusion attempt. If you do intend this access you
need to change the booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
allow_execstack is set incorrectly.
Boolean Description:
Allow unconfined executables to make their stack executable. This should never,
ever be necessary. Probably indicates a badly coded executable, but could
indicate an attack. This executable should be reported in bugzilla


Fix Command:

# setsebool -P allow_execstack 1

Additional Information:

Source Context                system_u:system_r:initrc_t:s0
Target Context                system_u:system_r:initrc_t:s0
Target Objects                None [ process ]
Source                        ld-linux.so.2
Source Path                   /lib/ld-2.12.90.so
Port                          <Unknown>
Host                          SAMBA.localdomain
Source RPM Packages           glibc-2.12.90-19
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-14.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall_boolean
Host Name                     SAMBA.localdomain
Platform                      Linux SAMBA.localdomain 2.6.35.9-64.fc14.i686 #1
                              SMP Fri Dec 3 12:35:42 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 08 Dec 2010 19:36:38 GMT
Last Seen                     Wed 08 Dec 2010 19:36:38 GMT
Local ID                      d8700908-c2fa-40cb-99f4-f6a8c479abcb
Line Numbers                  

Raw Audit Messages            

node=SAMBA.localdomain type=AVC msg=audit(1291836998.268:7): avc:  denied  { execstack } for  pid=1622 comm="ld-linux.so.2" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=SAMBA.localdomain type=SYSCALL msg=audit(1291836998.268:7): arch=40000003 syscall=125 success=no exit=-13 a0=bf9bd000 a1=1000 a2=1000007 a3=bf9bd014 items=0 ppid=1620 pid=1622 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ld-linux.so.2" exe="/lib/ld-2.12.90.so" subj=system_u:system_r:initrc_t:s0 key=(null)

Comment 1 Miroslav Grepl 2010-12-10 09:25:10 UTC

What does 

# execstack -q /lib/ld-*

show?

And also

# ps -eZ | grep initrc

Comment 2 Simon 2010-12-10 14:32:11 UTC

(In reply to comment #1)
> What does 
> 
> # execstack -q /lib/ld-*
> show?

[root@SAMBA Samba]# execstack -q /lib/ld-*
- /lib/ld-2.12.90.so
- /lib/ld-linux.so.2
- /lib/ld-lsb.so.3
> 
> And also
> 
> # ps -eZ | grep initrc

[root@SAMBA Samba]# ps -eZ | grep initrc
system_u:system_r:initrc_t:s0     831 ?        00:00:00 system-setup-ke
system_u:system_r:initrc_t:s0    1626 ?        00:00:03 I2subAgent

Comment 3 Daniel Walsh 2010-12-10 19:53:13 UTC


*** This bug has been marked as a duplicate of bug 652297 ***

Comment 4 Daniel Walsh 2010-12-10 19:53:45 UTC

Follow commands in other bugreport to find bogus libraries on your system

Note You need to log in before you can comment on or make changes to this bug.