F13: nautilus & mmap

Daniel B. Thurman dant at cdkkt.com
Tue Dec 14 22:02:11 UTC 2010


Not sure what this means, but it sounds ominous...
Using the latest updates.

==================================================
Summary:

Your system may be seriously compromised! /usr/bin/nautilus (deleted) attempted
to mmap low kernel memory.

Detailed Description:

SELinux has denied the nautilus the ability to mmap low area of the kernel
address space. The ability to mmap a low area of the address space, as
configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps
protect against exploiting null deref bugs in the kernel. All applications that
need this access should have already had policy written for them. If a
compromised application tries modify the kernel this AVC would be generated.
This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                None [ memprotect ]
Source                        nautilus
Source Path                   /usr/bin/nautilus (deleted)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages          
Target RPM Packages          
Policy RPM                    selinux-policy-3.7.19-74.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   mmap_zero
Host Name                     (removed)
Platform                      Linux <host>.<domain>.com 2.6.34.7-61.fc13.i686 #1 SMP Tue Oct 19 04:42:47 UTC 2010 i686 i686
Alert Count                   1186
First Seen                    Thu 09 Dec 2010 12:08:59 PM PST
Last Seen                     Thu 09 Dec 2010 12:13:09 PM PST
Local ID                      aba9eed1-e6cf-48cb-80c4-88ccf2d90f43
Line Numbers                 

Raw Audit Messages           

node=<host>.<domain>.com type=AVC msg=audit(1291925589.462:92406): avc: 
denied  { mmap_zero } for  pid=26679 comm="nautilus"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=memprotect

node=<host>.<domain>.com type=SYSCALL msg=audit(1291925589.462:92406):
arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=a000 a2=3 a3=22
items=0 ppid=2663 pid=26679 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nautilus"
exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
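
The SYSCALL record in the report above can be decoded field by field to see what was actually requested. The following is an added example, not part of the original post or of setroubleshoot; the function names are hypothetical and the record is the one above rejoined onto a single line.

```python
import re

# The SYSCALL record from the report above, rejoined onto one line.
RECORD = (
    "type=SYSCALL msg=audit(1291925589.462:92406): arch=40000003 syscall=192 "
    "success=no exit=-13 a0=0 a1=a000 a2=3 a3=22 items=0 ppid=2663 pid=26679 "
    'auid=500 uid=500 tty=(none) ses=1 comm="nautilus" '
    "exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429 key=(null)"
)

# Linux x86 values for mmap protection bits, mmap flags and errno codes.
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
FLAGS = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED",
         0x20: "MAP_ANONYMOUS"}
ERRNO = {1: "EPERM", 12: "ENOMEM", 13: "EACCES"}


def names(value, table):
    """Expand a bitmask into flag names; unknown bits are kept as hex."""
    out = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    return out + ([hex(unknown)] if unknown else [])


def audit_string(raw):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if raw.startswith('"'):
        return raw.strip('"')
    return bytes.fromhex(raw).decode("utf-8", "replace")


def decode_mmap2(record):
    f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    # arch 40000003 is 32-bit x86 (i386), where syscall 192 is mmap2.
    if (f.get("arch"), f.get("syscall")) != ("40000003", "192"):
        raise ValueError("not an i386 mmap2 record")
    a = [int(f["a%d" % i], 16) for i in range(4)]  # a0..a3 are logged in hex
    return {
        "exe": audit_string(f["exe"]),
        "addr": a[0],            # a placement hint only, unless MAP_FIXED is set
        "length": a[1],
        "prot": names(a[2], PROT),
        "flags": names(a[3], FLAGS),
        "fixed": bool(a[3] & 0x10),
        "errno": ERRNO.get(-int(f["exit"]), f["exit"]),
    }


if __name__ == "__main__":
    for key, value in decode_mmap2(RECORD).items():
        print(f"{key:7} {value}")
```

For this record the call decodes to a 40960-byte anonymous, private, read/write mapping with an address argument of 0 and no MAP_FIXED, refused with EACCES.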



