SELinux preventing the creation of a rawip_socket

SELinux preventing the creation of a rawip_socket

Alexander Ploumistos
Hello all,

A few days ago I filed a bug on BMO with a question
https://bugzilla.mozilla.org/show_bug.cgi?id=1322872
and I was advised to take it to this list. You can get more details
from the bug report and the links to the Red Hat Bugzilla - here's the
gist:

A short while after enabling e10s, I started seeing SELinux alerts,
saying that it had prevented 57656220436F6E74656E74 from creating
rawip_sockets. It took me a little while to figure out that
57656220436F6E74656E74 was actually Firefox and a little while longer
to notice that this always happened with specific ads served on a
number of sites, with www.merriam-webster.com being the most
consistent one. In Fedora, this was addressed in selinux-policy by
disabling the relevant checks. However, given the nature of recent
attacks worldwide, I was wondering if this might be a sign of
something nefarious going on and not the expected behavior. I was told
to get in touch with Mozilla, hence this message.

Best regards
Alex
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
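
The process name in the alert is hex because the audit subsystem hex-encodes `comm` values that contain spaces; decoded, 57656220436F6E74656E74 reads "Web Content", the name of Firefox's e10s content process. The following is an added example, not part of the original thread, that decodes such fields and lists `rawip_socket` create denials; the log lines are constructed and the SELinux contexts in them are assumptions.

```python
import re

# Constructed sample audit.log lines (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1482330000.101:311): avc:  denied  { create } for  pid=4242 comm=57656220436F6E74656E74 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0 tclass=rawip_socket permissive=0
type=AVC msg=audit(1482330007.550:312): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1482330012.009:313): avc:  denied  { create } for  pid=4250 comm="ping" scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=rawip_socket permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")
# Only free-text fields are hex-encoded; numeric ones such as pid must stay as-is.
STRING_FIELDS = {"comm", "exe", "name", "path", "proctitle"}


def decode_field(raw):
    """Return the readable value of a quoted or hex-encoded audit string field."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]                      # safe string, logged in quotes
    if HEX_RE.fullmatch(raw):
        # unquoted hex: the value held a space, quote or control byte
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw                                # e.g. (null)


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, raw in FIELD_RE.findall(m.group("rest")):
        rec[key] = decode_field(raw) if key in STRING_FIELDS else raw.strip('"')
    return rec


def rawip_denials(log_text):
    """List (pid, decoded comm, source context) for denied rawip_socket creates."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("tclass") == "rawip_socket" and "create" in rec["perms"]:
            hits.append((rec["pid"], rec["comm"], rec["scontext"]))
    return hits


if __name__ == "__main__":
    for pid, comm, scontext in rawip_denials(SAMPLE_LOG):
        print(f"pid={pid} comm={comm!r} scontext={scontext}")
```
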
Re: SELinux preventing the creation of a rawip_socket

Devdatta Akhawe
Alex,

Looking at the bug report, it looks like it's plugin container complaining
which makes me think this is a Flash file trying to make raw sockets using
the standard Flash API for this.  That said, I know you mentioned that you
don't have any plugins enabled, but I wonder if Flash is whitelisted in some
place somewhere.

Cheers
Dev



On Dec 21, 2016 8:24 AM, "Alexander Ploumistos" <[hidden email]> wrote:

> Hello all,
>
> A few days ago I filed a bug on BMO with a question
> https://bugzilla.mozilla.org/show_bug.cgi?id=1322872
> and I was advised to take it to this list. You can get more details
> from the bug report and the links to the Red Hat Bugzilla - here's the
> gist:
>
> A short while after enabling e10s, I started seeing SELinux alerts,
> saying that it had prevented 57656220436F6E74656E74 from creating
> rawip_sockets. It took me a little while to figure out that
> 57656220436F6E74656E74 was actually Firefox and a little while longer
> to notice that this always happened with specific ads served on a
> number of sites, with www.merriam-webster.com being the most
> consistent one. In Fedora, this was addressed in selinux-policy by
> disabling the relevant checks. However, given the nature of recent
> attacks worldwide, I was wondering if this might be a sign of
> something nefarious going on and not the expected behavior. I was told
> to get in touch with Mozilla, hence this message.
>
> Best regards
> Alex
Re: SELinux preventing the creation of a rawip_socket

Alexander Ploumistos
On Fri, Dec 23, 2016 at 5:35 AM, Devdatta Akhawe <[hidden email]> wrote:
> That said, I know you mentioned that you don't have any plugins enabled but I
> wonder if Flash is whitelisted in some place somewhere

I looked at Adobe Flash Player Preferences and it was set to "Allow
sites to save information on this computer", but I couldn't recognize
any of the domains listed in Local Storage Settings, nor did I find
any connection to third parties that try to load ads on some of the
pages where I was seeing this issue. Would this setting work even with Flash
disabled? I can't think of any other "whitelist".
In any case, should SELinux keep blocking those attempts? I can't
remember having any problems on sites that required me to enable Flash
(and I don't think I saw any SELinux warnings on such sites).

Best regards