I have to admit that I haven’t played with SELinux since a few releases back and there has been a lot of change since then. It’s now so much easier to write modular policy and incorporate that, along with some nice GUI tools to inspect the AVC’s. It’s only been a few hours, but I’m just starting to get the hang of it! And in the process, noticed something completely scary: Firefox trying to execute code on its stack! Now, I’m hoping it is a bug, or it’s SELinux 1, Intruders 0.

Here the entry from audit.log:

type=AVC msg=audit(1162142793.550:1565): avc: denied { execstack } for pid=4957 comm=”firefox-bin” scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process

I’m not sure why firefox would want to do this, so maybe it is one of the plugins?

Firefox specifics follow:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20061011 Fedora/1.5.0.7-7.fc6 Firefox/1.5.0.7

• DOM Inspector 1.8.0.7
• Web Developer 1.0.2
• Download Statusbar 0.9.4.3
• Map+ 1.1.0
• FireBug 0.4.1
• Open Link Host 1.3.1
• EditCSS 0.3.6
• JavaScript Debugger 0.9.87
• All-in-One Gestures 0.18.0
• Bookmarks Synchronizer 3 1.0.2
• Google Toolbar for Firefox 2.1.20060807L

BTW, I’m loving the new Gnome Desktop Effects in FC6!

This entry was posted on Sunday, October 29th, 2006 at 3:20 pm and is filed under SELinux, WILT. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.