On Tue, 2011-05-17 at 09:19 +0200, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/16/2011 10:23 PM, Francis Shim wrote:
> SELinux is preventing /usr/bin/skype from mmap_zero access on the memprotect
Unknown.
>
> ***** Plugin mmap_zero (53.1 confidence) suggests **************************
>
> If you do not think /usr/bin/skype should need to mmap low memory in the kernel.
> Then you may be under attack by a hacker, this is a very dangerous access.
> Do
> contact your security administrator and report this issue.
>
> ***** Plugin catchall_boolean (42.6 confidence) suggests *******************
>
> If you want to control the ability to mmap a low area of the address space, as
configured by /proc/sys/kernel/mmap_min_addr.
> Then you must tell SELinux about this by enabling the 'mmap_low_allowed'
boolean.
> Do
> setsebool -P mmap_low_allowed 1
>
> ***** Plugin catchall (5.76 confidence) suggests ***************************
>
> If you believe that skype should be allowed mmap_zero access on the Unknown
memprotect by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep skype /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
> s0:c0.c1023
> Target Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
> s0:c0.c1023
> Target Objects Unknown [ memprotect ]
> Source skype
> Source Path /usr/bin/skype
> Port <Unknown>
> Host mobile-pc.localdomain
> Source RPM Packages
> Target RPM Packages
> Policy RPM selinux-policy-3.9.7-40.fc14
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name mobile-pc.localdomain
> Platform Linux mobile-pc.localdomain
> 2.6.35.13-91.fc14.i686.PAE #1 SMP Tue May 3
> 13:29:55 UTC 2011 i686 i686
> Alert Count 100
> First Seen Mon 16 May 2011 03:37:35 PM EDT
> Last Seen Mon 16 May 2011 03:37:35 PM EDT
> Local ID 162a1493-50dc-4231-ad0f-808d6fe5330b
>
> Raw Audit Messages
> type=AVC msg=audit(1305574655.789:127): avc: denied { mmap_zero } for pid=2784
comm="skype"
scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=memprotect
>
>
> Hash: skype,unconfined_execmem_t,unconfined_execmem_t,memprotect,mmap_zero
>
> audit2allow
>
> #============= unconfined_execmem_t ==============
> #!!!! This avc is allowed in the current policy
>
> allow unconfined_execmem_t self:memprotect mmap_zero;
>
> audit2allow -R
>
> #============= unconfined_execmem_t ==============
> #!!!! This avc is allowed in the current policy
>
> allow unconfined_execmem_t self:memprotect mmap_zero;
>
>
>
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
The alert tells you what you can do to allow it. The access is
dangerous, if it is really needed. Did skype actually work? Did you
report this bug to Skype?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk3SIXUACgkQrlYvE4MpobOl9QCgu3TffLIP+JSKE7ehvAdOKayr
hcEAnRLW3Q9AjiwqGDxNwDhhwhTjRxhE
=52Nf
-----END PGP SIGNATURE-----
I am trying to report to Skype; however, I
really wanted to get some
credibility feedback from the SELinux forum before i do, because I was
really puzzled as to whether the following is happening:
Skype is really trying to access "low memory" (ie: < 1 MB) or is it DMA
memory areas? In either case, it just kind of freaked me out when I saw
it.
I am gambling that it is for DMA purposes so I allowed the access and
Skype works fine now; however, you can bet that I will be forwarding my
concerns to Skype. I hope I am not the only one who run into this
because it might mean that I really might have a virus.
Peace,
Frank