selinux now causing trouble with seamonkey
Jim Cornette
fct-cornette at insight.rr.com
Wed Feb 13 23:46:18 UTC 2008
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jim Cornette wrote:
>> Antonio Olivares wrote:
>>> I do not want to have a compromised system, but I am
>>> getting tired of the exec stack stuff appearing just
>>> about everytime I start firefox and now seamonkey as
>>> well. Should I also file a bug against seamonkey for
>>> using the stack?
>>>
>>> Regards,
>>>
>>> Antonio
>> Like I mentioned before, the only site that I experienced the error on
>> is news.aol.com - I did not add anything to any rules for SELinux so I
>> would expect your system has a badly acting plug-in as was suggested by
>> others. Yahoo did not seem to cause problems for me, but I do not use
>> yahoo or have an account for the service.
>>
>> The difference for me is seamonkey used to crash. It now keeps on
>> logging denials. Firefox does crash on the same site as seamonkey used
>> to crash on.
>>
>> If you temporarily change your homepage to another location and bring up
>> firefox or seamonkey does it crash or load successfully?
>>
>> Maybe it is a bug with the browsers. I do not know, but it is not severe
>> on my system.
>>
>> The news.aol.com site generated the below raw messages for firefox.
>>
>> Raw Audit Messages :host=HP-JCF7 type=AVC
>> msg=audit(1202781770.462:1241): avc: denied { execmem } for pid=16598
>> comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0
>> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
>> host=HP-JCF7 type=SYSCALL msg=audit(1202781770.462:1241): arch=40000003
>> syscall=125 success=no exit=-13 a0=b2f51000 a1=1000 a2=5 a3=bfc5f21c
>> items=0 ppid=16584 pid=16598 auid=500 uid=500 gid=500 euid=500 suid=500
>> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox"
>> exe="/usr/lib/firefox-3.0b4pre/firefox"
>> subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
>>
>> For seamonkey news.aol.com repeatedly produces the below.
>>
>> Line Numbers: Raw Audit Messages :host=HP-JCF7 type=AVC
>> msg=audit(1202860251.355:818): avc: denied { execmem } for pid=23617
>> comm="seamonkey-bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0
>> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
>> host=HP-JCF7 type=SYSCALL msg=audit(1202860251.355:818): arch=40000003
>> syscall=125 success=no exit=-13 a0=ae321000 a1=1000 a2=5 a3=bf85db5c
>> items=0 ppid=1 pid=23617 auid=500 uid=500 gid=500 euid=500 suid=500
>> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="seamonkey-bin"
>> exe="/usr/lib/seamonkey-1.1.8/seamonkey-bin"
>> subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
>>
>> Jim
>>
> Well going to this page with nsplugin installed causes nsplugin_t to
> generate an execmem.
>
> - ----
> time->Wed Feb 13 08:00:55 2008
> type=SYSCALL msg=audit(1202907655.715:1515): arch=40000003 syscall=125
> per=8 success=no exit=-13 a0=f2129000 a1=1000 a2=5 a3=ffbff4bc items=0
> ppid=4897 pid=4917 auid=3267 uid=3267 gid=3267 euid=3267 suid=3267
> fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) comm="npviewer.bin"
> exe="/usr/lib/nspluginwrapper/npviewer.bin"
> subj=staff_u:staff_r:nsplugin_t:s0 key=(null)
> type=AVC msg=audit(1202907655.715:1515): avc: denied { execmem } for
> pid=4917 comm="npviewer.bin" scontext=staff_u:staff_r:nsplugin_t:s0
> tcontext=staff_u:staff_r:nsplugin_t:s0 tclass=process
>
>
> nsplugin seems to survive though. So this is definitely a plugin
> causing the problem. I would bet it is flashplugin.
>
> Hard to tell if anything is different on this page.
I have flash-plugin-9.0.48.0-release.i386 installed. The Disney website
works for the kids without the plug-in wrapper.
I checked if nspluginwrapper was installed on my system and it wasn't. I
now have it installed nspluginwrapper.i386 0:0.9.91.5-21.fc9.
Thanks, I'll try the site for effect with the wrapper installed.
Jim
More information about the fedora-test-list
mailing list