Bug 759261 - Your system may be seriously compromised! iwconfig tried to load a kernel module.
Summary: Your system may be seriously compromised! iwconfig tried to load a kernel mod...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: i386
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:81b80dfbb52...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-01 19:39 UTC by maurizio
Modified: 2011-12-02 09:47 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-02 09:47:53 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description maurizio 2011-12-01 19:39:27 UTC 
Summary:

Your system may be seriously compromised! iwconfig tried to load a kernel
module.

Detailed Description:

SELinux has prevented iwconfig from loading a kernel module. All confined
programs that need to load kernel modules should have already had policy written
for them. If a compromised application tries to modify the kernel this AVC will
be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:system_r:ifconfig_t:s0
Target Objects                None [ capability ]
Source                        iwconfig
Source Path                   iwconfig
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-101.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   sys_module
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.34.9-69.fc13.i686 #1 SMP Tue May 3 09:20:30
                              UTC 2011 i686 i686
Alert Count                   8
First Seen                    Thu 01 Dec 2011 12:31:34 PM MST
Last Seen                     Thu 01 Dec 2011 12:32:49 PM MST
Local ID                      b3c6e83b-d831-45c8-b17b-78fdfb96de2f
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1322767969.581:34): avc:  denied  { sys_module } for  pid=4070 comm="iwconfig" capability=16  scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability



Hash String generated from  sys_module,iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
audit2allow suggests:

#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;
Comment 1 Miroslav Grepl 2011-12-02 09:47:53 UTC 
F13 is no longer supported. Please update to a newer version of Fedora. Thank you.
Note You need to log in before you can comment on or make changes to this bug.