Re: F13: nautilus & mmap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/14/2010 02:45 PM, Daniel J Walsh wrote:
> On 12/14/2010 05:02 PM, Daniel B. Thurman wrote:
>
> > Not sure what this means, but it sound omimous...
> > Using the latest updates.
>
> > ==================================================
> > Summary:
>
> > Your system may be seriously compromised! /usr/bin/nautilus (deleted)
> > attempted
> > to mmap low kernel memory.
>
> > Detailed Description:
>
> > SELinux has denied the nautilus the ability to mmap low area of the
> kernel
> > address space. The ability to mmap a low area of the address space, as
> > configured by /proc/sys/kernel/mmap_min_addr. Preventing such
> mappings helps
> > protect against exploiting null deref bugs in the kernel. All
> > applications that
> > need this access should have already had policy written for them. If a
> > compromised application tries modify the kernel this AVC would be
> generated.
> > This is a serious issue. Your system may very well be compromised.
>
> > Allowing Access:
>
> > Contact your security administrator and report this issue.
>
> > Additional Information:
>
> > Source Context               
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> >                               023
> > Target Context               
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> >                               023
> > Target Objects                None [ memprotect ]
> > Source                        nautilus
> > Source Path                   /usr/bin/nautilus (deleted)
> > Port                          <Unknown>
> > Host                          (removed)
> > Source RPM Packages          
> > Target RPM Packages          
> > Policy RPM                    selinux-policy-3.7.19-74.fc13
> > Selinux Enabled               True
> > Policy Type                   targeted
> > Enforcing Mode                Enforcing
> > Plugin Name                   mmap_zero
> > Host Name                     (removed)
> > Platform                      Linux <host>.<domain>.com
> > 2.6.34.7-61.fc13.i686 #1 SMP
> >                               Tue Oct 19 04:42:47 UTC 2010 i686 i686
> > Alert Count                   1186
> > First Seen                    Thu 09 Dec 2010 12:08:59 PM PST
> > Last Seen                     Thu 09 Dec 2010 12:13:09 PM PST
> > Local ID                      aba9eed1-e6cf-48cb-80c4-88ccf2d90f43
> > Line Numbers                 
>
> > Raw Audit Messages           
>
> > node=<host>.<domain>.com type=AVC msg=audit(1291925589.462:92406): avc:
> > denied  { mmap_zero } for  pid=26679 comm="nautilus"
> > scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > tclass=memprotect
>
> > node=<host>.<domain>.com type=SYSCALL msg=audit(1291925589.462:92406):
> > arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=a000 a2=3 a3=22
> > items=0 ppid=2663 pid=26679 auid=500 uid=500 gid=500 euid=500 suid=500
> > fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nautilus"
> > exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429
> > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
> THis is bad.  I have no idea why it would need this and it should be
> denied.  Did you try to execute a wine app?
>
>
Uh, I don't remember if I did, is there a way to tell if I did?

I have another related one, should I post it together with this
one or open a new post?  It is a Nautilus problem as well.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux