Bug 666055 - wavparse:sink in gstreamer attempts to execstack
wavparse:sink in gstreamer attempts to execstack
Product: Fedora
Classification: Fedora
Component: gstreamer-plugins-good (Show other bugs)
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Benjamin Otte
Fedora Extras Quality Assurance
: 668281 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2010-12-28 11:51 EST by Stuart D Gathman
Modified: 2012-08-16 15:45 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-08-16 15:45:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stuart D Gathman 2010-12-28 11:51:42 EST
Description of problem:
selinux reports attempt to execstack by /usr/bin/pidgin

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run pidgin (irc,aol,facebook plugins in use)
Actual results:
selinux traps

Expected results:
no selinux traps

Additional info:
repeated in audit.log:

type=SYSCALL msg=audit(1293553547.738:32281): arch=40000003 syscall=125 success=no exit=-13 a0=bffd7000 a1=1000 a2=1000007 a3=addfe2ac items=0 ppid=1 pid=2789 auid=902 uid=902 gid=101 euid=902 suid=902 fsuid=902 egid=101 sgid=101 fsgid=101 tty=(none) ses=1 comm="wavparse1:sink" exe="/usr/bin/pidgin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1293553547.740:32282): avc:  denied  { execstack } for  pid=2789 comm="wavparse1:sink" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
Comment 1 Stuart D Gathman 2010-12-28 12:31:01 EST
These execstack attempts occur continuously, 237 in about 20 mins.  Trapping and logging them is eating about 6% of the CPU.
Comment 2 Stuart D Gathman 2010-12-28 12:47:28 EST
Disabling the plugins one at a time, it seems to stop when I disable the facebook plugin.
Comment 3 Stuart D Gathman 2010-12-28 12:54:31 EST
Never mind, just did a bunch more execstacks with facebook disabled.  Changing back to generic pidgin - not sure whether purple or a plugin is responsible.
Comment 4 Stu Tomlinson 2010-12-28 12:55:13 EST
I'm guessing that these correspond to attempts to play sound events, do they
stop if you turn off sounds in preferences? This is probably a gstreamer or
gstreamer-plugin issue rather than Pidgin itself.
Comment 5 Stuart D Gathman 2010-12-28 17:13:55 EST
Your guess seems to be correct.  And there are some interesting hits when googling wavparse*:sink.  For instance: http://www.mail-archive.com/openafs-info@openafs.org/msg33362.html  Change component to gstreamer?  Or try to narrow it down more?
Comment 6 Stuart D Gathman 2010-12-28 17:18:40 EST
To be specific: when I check "mute sounds", the problem goes away (with sound).  When I uncheck mute, several dozen execstack attempts occur for every sound played.  The sounds *do* play.
Comment 7 Stuart D Gathman 2010-12-28 20:05:52 EST
I am able to reproduce the problem consistently on several systems with different sound hardware.  Clicking "Preview" in the pidgin sound preferences generates 61 execstack attempts (but the sound plays).  Clicking sound event preview in gnome-volume-control or ekiga does *not* cause execstack traps, so it is not clear that gstreamer is the problem.
Comment 8 Heiko Adams 2010-12-29 10:01:44 EST
This problem also occours when using rhythmbox or radiotray! So WTF is going on here??
Comment 9 Stuart D Gathman 2010-12-29 10:28:10 EST
Ok, rhythmbox has no problem with OGG or MP3.  But try to even look at a WAV, and you get the execstack traps.  So this is definitely a gstreamer issue, and only affects WAV files.  Is wavparse in the main gstreamer package?
Comment 10 Stu Tomlinson 2010-12-29 10:43:10 EST
The wavparse plugin is in gstreamer-plugins-good
Comment 11 Stuart D Gathman 2010-12-29 14:41:34 EST
Here is the selinux log for rhythmbox:

type=AVC msg=audit(1293636087.961:25754): avc:  denied  { execstack } for  pid=21509 comm="wavparse0:sink" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1293636087.961:25754): arch=40000003 syscall=125 success=no exit=-13 a0=bfef1000 a1=1000 a2=1000007 a3=b764029c items=0 ppid=1 pid=21509 auid=902 uid=902 gid=902 euid=902 suid=902 fsuid=902 egid=902 sgid=902 fsgid=902 tty=(none) ses=1 comm="wavparse0:sink" exe="/usr/libexec/rhythmbox-metadata" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
[ repeat 61 times ]

Each attempt to inspect a WAV using gstreamer in any application results in exactly 61 execstack attempts.
Comment 12 Stuart D Gathman 2011-01-04 12:24:46 EST
If F12, it seems that there were crashes playing sounds.  For instance:


Now in F14, the problem is caught earlier by selinux (which is good).  Is there a simple way to get a stack trace at the point where selinux traps the execstack?
Comment 13 Stu Tomlinson 2011-01-04 13:00:38 EST
Bug #593351 is unrelated to this issue.

Bug #652297 is about a similar issue (execstack required when not expected), see Bug #652297 comment #5 for how to check for any (other) libraries on your system that might be requiring execstack (they may be being pulled in by gstreamer)

Also see https://bugzilla.rpmfusion.org/show_bug.cgi?id=1560 and https://bugzilla.rpmfusion.org/show_bug.cgi?id=1584 and if you have xvidcore from rpmfusion installed try running execstack -c /usr/lib/libxvidcore.so.4.2
Comment 14 Stuart D Gathman 2011-01-04 18:14:04 EST
I ran into another execstack issue in totem:

type=AVC msg=audit(1294182565.290:34871): avc:  denied  { execstack } for  pid=27600 comm="totem-audio-pre" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1294182565.290:34871): arch=40000003 syscall=125 success=no exit=-13 a0=bfb55000 a1=1000 a2=1000007 a3=bfb53c5c items=0 ppid=1 pid=27600 auid=902 uid=902 gid=101 euid=902 suid=902 fsuid=902 egid=101 sgid=101 fsgid=101 tty=(none) ses=1 comm="totem-audio-pre" exe="/usr/bin/totem-audio-preview" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

This was from "hover play" of an mp3 in nautilus.
Comment 15 Dmitry M 2011-01-09 16:28:43 EST
*** Bug 668281 has been marked as a duplicate of this bug. ***
Comment 16 Stuart D Gathman 2011-01-19 11:30:18 EST
gnome-sound-recorder is also afflicted:

type=AVC msg=audit(1295298423.941:23901): avc:  denied  { execstack } for  pid=20250 comm="gnome-sound-rec" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1295298423.941:23901): arch=40000003 syscall=125 success=no exit=-13 a0=bfb73000 a1=1000 a2=1000007 a3=bfb7200c items=0 ppid=1 pid=20250 auid=902 uid=902 gid=902 euid=902 suid=902 fsuid=902 egid=902 sgid=902 fsgid=902 tty=(none) ses=2 comm="gnome-sound-rec" exe="/usr/bin/gnome-sound-recorder" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Comment 17 Stuart D Gathman 2011-01-19 11:40:34 EST
Is it recommended to allow execstack access for needed gstreamer apps?  What is the best way to do that?
Comment 18 Fedora End Of Life 2012-08-16 15:45:42 EDT
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Note You need to log in before you can comment on or make changes to this bug.