selinux now causing trouble with seamonkey

Antonio Olivares olivares14031 at yahoo.com
Tue Feb 12 15:21:47 UTC 2008


--- Daniel J Walsh <dwalsh at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Antonio Olivares wrote:
> > --- Jim Cornette <fct-cornette at insight.rr.com>
> wrote:
> > 
> >> Antonio Olivares wrote:
> >>> Dear all,
> >>>
> >>> In addition to the bug filed 
> >>>
> https://bugzilla.redhat.com/show_bug.cgi?id=432198
> >>>
> >>> selinux now is causing trouble with seamonkey.
> >>>
> >>> I deleted the ~/.mozilla/ directory and started
> >> from
> >>> scratch.  So the argument about the plugins will
> >> not
> >>> work now :)
> >> I use seamonkey where the only site I have this
> >> error on is an aol site. 
> >> It used to crash the browser but now shows 500
> plus
> >> counts. I tried it 
> >> again and got another 400 plus incidents.
> >> (news.aol.com) What site are 
> >> you attempting to load? 
> > Yahoo, to check my mail.  Yahoo is my homepage. 
> It
> > did not do this before, so apparently something is
> > wrong and it is not working :(.  
> >> Apparently the site you are
> >> trying to connect to 
> >> is doing bad things. I think seamonkey and
> firefox
> >> are alright.
> > I do not know which to blame more,
> seamonkey/firefox
> > or selinux. I need to find out more information
> and
> > find a cure for the problem.  I do not understand
> well
> > enough what the exec stack is for and what it
> does. 
> > So I will wait patiently and hope that the problem
> > goes away :).
> > 
> >> Jim
> >>
> >> -- 
> >> fedora-test-list mailing list
> >> fedora-test-list at redhat.com
> >> To unsubscribe: 
> >>
> >
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> > 
> > 
> > Regards,
> > 
> > Antonio 
> > 
> > 
> >      
>
____________________________________________________________________________________
> > Looking for last minute shopping deals?  
> > Find them fast with Yahoo! Search. 
>
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> > 
> http://people.redhat.com/~drepper/selinux-mem.html
> 
> Explains execstack.  This might be a rawhide issue
> with
> firefox/seamonkey and should be reported as a bug
> there.  Setting the
> file unconfined_execmem_exec_t will stop the system
> from complaining.
> 
> This could also be a java plugin issue, as java
> requires
> execmem/execstack to work.  But java usually runs as
> a separate process.
> 
> Setting this file unconfined_execmem_exec_t, takes
> away the SELinux
> protection against buffer overflow attacks.  IE
> Making it the same as if
> SELinux was not running.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
> 
>
iEYEARECAAYFAkexrJMACgkQrlYvE4MpobNKGwCglD1tItC4+Md6R8BWvsY5vuGQ
> fEAAnRojEwntyTaMW828hLmA2KJMWzNV
> =jxfZ
> -----END PGP SIGNATURE-----
> 
> -- 
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe: 
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> 

I have filed a bug

https://bugzilla.redhat.com/show_bug.cgi?id=432198

But I also did what you told me on the other message:

[root at localhost ~]# chcon -t unconfined_execmem_exec_t
/usr/lib/firefox-3.0b4pre/firefox
[root at localhost ~]# semanage fcontext -a -t
unconfined_execmem_exec_t
/usr/lib/firefox-3.0b4pre/firefox 
[root at localhost ~]# restorecon
/usr/lib/firefox-3.0b4pre/firefox
/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same specifications for /usr/bin/sbcl.
[root at localhost ~]# 

I do not want to have a compromised system, but I am
getting tired of the exec stack stuff appearing just
about everytime I start firefox and now seamonkey as
well.  Should I also file a bug against seamonkey for
using the stack?

Regards,

Antonio 




      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping




More information about the fedora-test-list mailing list