Re: Selinux attacks acroread again

Paul Smith wrote:
On 4/13/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Thanks, Paul. Done so and subsequently:

# chcon -t texrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libJP2K.so
# chcon -t texrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libCoolType.so

Acroread shows up, but reporting errors while loading a bunch of
plugins. Any ideas?

Did you do:

/usr/sbin/semanage fcontext -a -t textrel_shlib_t \
'/usr/local/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/.*\.apl'

/usr/sbin/semanage fcontext -a -t textrel_shlib_t \
'/usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/.*\.api'

before the restorecon?

What's the output of:

$ ls -lZ /usr/local/Adobe/Acrobat7.0/Reader/intellinux/*/*.ap*

Yes, I did that before restorecon.

# ls -lZ /usr/local/Adobe/Acrobat7.0/Reader/intellinux/*/*.ap*
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/Accessibility.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/Annots.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/checkers.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/DigSig.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/EFS.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/EScript.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/ewh.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/LegalPDF.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/MakeAccessible.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/PDDom.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/PPKLite.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/SaveAsRTF.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/SearchFind.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/SendMail.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/SOAP.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/Spelling.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/wwwlink.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl

They all look ok; does it work with SELinux in permissive mode?

Try:
# setenforce 0

If it still doesn't work, the problem's not SELinux.

If it does, look for the SELinux denials in /var/log/messages or
/var/log/audit/audit.log

# setenforce 1
will turn enforcing mode back on.

Yes, 'setenforce 0' does make a difference. How can I quickly do the
suggested inspection into /var/log/messages and
/var/log/audit/audit.log?

Try:

# grep -F 'avc:  denied' /var/log/audit/audit.log /var/log/messages

Note that there are two spaces between "avc:" and "denied".

This will probably produce a lot of output. Please try to trim it down to the last bits that appear relevant to the problem.

Paul.
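
One way to do the trimming asked for above, as an added example that is not part of the original message: a shell function that keeps only the denials for one command and collapses repeats into a count. The function names, the output format and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample log lines are constructed.

# summarize_avc COMM [FILE...]
# Reads audit/syslog text (stdin when no FILE is given) and prints one line per
# distinct denial for command COMM: "count perms tclass name tcontext".
summarize_avc() {
    comm=$1; shift
    awk -v comm="$comm" '
    index($0, "avc:  denied") && index($0, "comm=\"" comm "\"") {
        # Permissions sit between the braces; join several with commas.
        s = index($0, "{"); e = index($0, "}")
        if (s == 0 || e <= s) next
        perms = substr($0, s + 2, e - s - 3)
        gsub(/ /, ",", perms)
        name = "-"; tctx = "-"; tcls = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            if ($i ~ /^tclass=/)   tcls = substr($i, 8)
        }
        seen[perms " " tcls " " name " " tctx]++
    }
    END { for (k in seen) print seen[k], k }' "$@" | sort -k1,1nr -k2
}

# Constructed sample covering the audit.log and /var/log/messages line shapes,
# a repeated denial, another command, and a non-AVC record.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1144939201.101:31): avc:  denied  { execmod } for  pid=2761 comm="acroread" name="libexample1.so" dev=dm-0 ino=98311 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1144939201.101:31): arch=40000003 syscall=125 success=no exit=-13 pid=2761 comm="acroread" exe="/bin/example"
Apr 13 15:20:05 host kernel: audit(1144939205.220:35): avc:  denied  { execmod } for  pid=2790 comm="acroread" name="libexample1.so" dev=dm-0 ino=98311 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1144939206.007:36): avc:  denied  { getattr } for  pid=1990 comm="httpd" name="index.html" dev=dm-0 ino=40012 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1144939207.554:37): avc:  denied  { execmod } for  pid=2790 comm="acroread" name="libexample2.so" dev=dm-0 ino=98320 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
EOF
}

# Demo on the constructed sample. Against real logs (paths from the thread):
#   summarize_avc acroread /var/log/audit/audit.log /var/log/messages
sample_log | summarize_avc acroread
```

The `tcontext` column shows which label each denied file currently carries, which is the part to compare against the `ls -lZ` listing.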

