selinux now causing trouble with seamonkey

Daniel J Walsh dwalsh at redhat.com
Tue Feb 12 14:26:27 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> --- Jim Cornette <fct-cornette at insight.rr.com> wrote:
> 
>> Antonio Olivares wrote:
>>> Dear all,
>>>
>>> In addition to the bug filed 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=432198
>>>
>>> selinux now is causing trouble with seamonkey.
>>>
>>> I deleted the ~/.mozilla/ directory and started
>> from
>>> scratch.  So the argument about the plugins will
>> not
>>> work now :)
>> I use seamonkey where the only site I have this
>> error on is an aol site. 
>> It used to crash the browser but now shows 500 plus
>> counts. I tried it 
>> again and got another 400 plus incidents.
>> (news.aol.com) What site are 
>> you attempting to load? 
> Yahoo, to check my mail.  Yahoo is my homepage.  It
> did not do this before, so apparently something is
> wrong and it is not working :(.  
>> Apparently the site you are
>> trying to connect to 
>> is doing bad things. I think seamonkey and firefox
>> are alright.
> I do not know which to blame more, seamonkey/firefox
> or selinux. I need to find out more information and
> find a cure for the problem.  I do not understand well
> enough what the exec stack is for and what it does. 
> So I will wait patiently and hope that the problem
> goes away :).
> 
>> Jim
>>
>> -- 
>> fedora-test-list mailing list
>> fedora-test-list at redhat.com
>> To unsubscribe: 
>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> 
> 
> Regards,
> 
> Antonio 
> 
> 
>       ____________________________________________________________________________________
> Looking for last minute shopping deals?  
> Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> 
http://people.redhat.com/~drepper/selinux-mem.html

Explains execstack.  This might be a rawhide issue with
firefox/seamonkey and should be reported as a bug there.  Setting the
file unconfined_execmem_exec_t will stop the system from complaining.

This could also be a java plugin issue, as java requires
execmem/execstack to work.  But java usually runs as a separate process.

Setting this file unconfined_execmem_exec_t, takes away the SELinux
protection against buffer overflow attacks.  IE Making it the same as if
SELinux was not running.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkexrJMACgkQrlYvE4MpobNKGwCglD1tItC4+Md6R8BWvsY5vuGQ
fEAAnRojEwntyTaMW828hLmA2KJMWzNV
=jxfZ
-----END PGP SIGNATURE-----




More information about the fedora-test-list mailing list