Adding two new booleans to httpd to tighten it's security.
Ulrich Drepper
drepper at redhat.com
Sun Dec 11 22:02:52 UTC 2005
Tom London wrote:
> path="/usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0"
> type=SYSCALL msg=audit(1134335151.660:39): arch=40000003 syscall=125 per=400000
This is indeed a text relocation issue. Since the code is LGPLed they
have to provide you with the sources. Just use compile and use
eu-findtextrel to determine the sources of the text relocation.
> type=PATH msg=audit(1134331229.904:20): item=0 name="/usr/bin/skype"
> flags=101 inode=145190 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=CWD msg=audit(1134331229.904:20): cwd="/home/tbl"
> type=SYSCALL msg=audit(1134331229.904:20): arch=40000003 syscall=11
That's a fault in the execve syscall. This most likely means the binary
has a section which is executable and writable at the same time. This
really should never happen, it's a security nightmare. Would you want
an application which by its nature has to accept connections from all
over the net to have such a flaw?
Maybe you can post the output of
eu-readelf -l /usr/bin/skype
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
More information about the fedora-selinux-list
mailing list