info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
SELinux preventing the creation of a rawip_socket
86 views
Skip to first unread message
Alexander Ploumistos
Dec 21, 2016, 11:23:56 AM12/21/16
to dev-se...@lists.mozilla.org
Hello all,
A few days ago I filed a bug on BMO with a question
https://bugzilla.mozilla.org/show_bug.cgi?id=1322872
and I was advised to take it to this list. You can get more details
from the bug report and the links to the Red Hat Bugzilla - here's the
gist:
A short while after enabling e10s, I started seeing SELinux alerts,
saying that it had prevented 57656220436F6E74656E74 from creating
rawip_sockets. It took me a little while to figure out that
57656220436F6E74656E74 was actually firefox and a little while longer
to notice that this always happened with specific ads served on a
number of sites, with www.merriam-webster.com being the most
consistent one. In Fedora, this was addressed in selinux-policy by
disabling the relevant checks. However, given the nature of recent
attacks worldwide, I was wondering if this might be a sign of
something nefarious going on and not the expected behavior. I was told
to get in touch with mozilla, hence this message.
Best regards
Alex
A few days ago I filed a bug on BMO with a question
https://bugzilla.mozilla.org/show_bug.cgi?id=1322872
and I was advised to take it to this list. You can get more details
from the bug report and the links to the Red Hat Bugzilla - here's the
gist:
A short while after enabling e10s, I started seeing SELinux alerts,
saying that it had prevented 57656220436F6E74656E74 from creating
rawip_sockets. It took me a little while to figure out that
57656220436F6E74656E74 was actually firefox and a little while longer
to notice that this always happened with specific ads served on a
number of sites, with www.merriam-webster.com being the most
consistent one. In Fedora, this was addressed in selinux-policy by
disabling the relevant checks. However, given the nature of recent
attacks worldwide, I was wondering if this might be a sign of
something nefarious going on and not the expected behavior. I was told
to get in touch with mozilla, hence this message.
Best regards
Alex
Devdatta Akhawe
Dec 22, 2016, 11:35:12 PM12/22/16
to Alexander Ploumistos, dev-se...@lists.mozilla.org
Alex,
Looking at the bug report, it looks like it's plugin container complaining
which makes me think this is a Flash file trying to make raw sockets using
the standard flash API for this. That said, I know you mentioned that you
don't have any plugins enabled but I wonder if Flash is whitelisted in some
place somewhere
Cheers
Dev
On Dec 21, 2016 8:24 AM, "Alexander Ploumistos" <ale...@fedoraproject.org>
wrote:
_______________________________________________
dev-security mailing list
dev-se...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Looking at the bug report, it looks like it's plugin container complaining
which makes me think this is a Flash file trying to make raw sockets using
the standard flash API for this. That said, I know you mentioned that you
don't have any plugins enabled but I wonder if Flash is whitelisted in some
place somewhere
Cheers
Dev
On Dec 21, 2016 8:24 AM, "Alexander Ploumistos" <ale...@fedoraproject.org>
wrote:
dev-security mailing list
dev-se...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Alexander Ploumistos
Dec 23, 2016, 6:55:22 AM12/23/16
to Devdatta Akhawe, dev-se...@lists.mozilla.org
On Fri, Dec 23, 2016 at 5:35 AM, Devdatta Akhawe <dev.a...@gmail.com> wrote:
> That said, I know you mentioned that you don't have any plugins enabled but I
> wonder if Flash is whitelisted in some place somewhere
I looked at Adobe Flash Player Preferences and it was set to "Allow
> That said, I know you mentioned that you don't have any plugins enabled but I
> wonder if Flash is whitelisted in some place somewhere
sites to save information on this computer", but I couldn't recognize
any of the domains listed in Local Storage Settings, nor did I find
any connection to third parties that try to load ads on some of the
pages I was seeing this issue. Would this setting work even with flash
disabled? I can't think of any other "whitelist".
In any case, should SELinux keep blocking those attempts? I can't
remember having any problems on sites that required me to enable flash
(and I don't think I saw any SELinux warnings on such sites).
Best regards
0 new messages