audit warnings under armel with file_mmap operation on /etc/passwd and /etc/group
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor (Ubuntu) |
Confirmed
|
High
|
Kees Cook | ||
Bug Description
Binary package hint: cups
Hi,
on a freshly installed armel iMX51 Babbage board, I get these warnings in dmesg which seem specific to armel/imx51:
[42949555.850000] type=1503 audit(124025819
[42949555.850000] type=1503 audit(124025819
[42949555.850000] type=1503 audit(124025819
[42949555.860000] type=1503 audit(124025819
[42949555.860000] type=1503 audit(124025819
[42949559.100000] type=1503 audit(124025820
perhaps a kernel config is missing or something?
Bye
ProblemType: Bug
Architecture: armel
DistroRelease: Ubuntu 9.04
Lpstat: Error: command ['lpstat', '-v'] failed with exit code 1: lpstat: No destinations added.
Lspci:
Error: command ['lspci', '-vvnn'] failed with exit code 1: pcilib: Cannot open /proc/bus/pci
lspci: Cannot find any working access method.
Package: cups 1.3.9-17ubuntu1
Papersize: a4
ProcCmdLine: root=UUID=
ProcEnviron:
LANG=fr_FR.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: cups
| Loïc Minier (lool) wrote | #1 |
| Kees Cook (kees) wrote | #2 |
| Changed in cups (Ubuntu): | |
| status: | New → Triaged |
| security vulnerability: | no → yes |
| Changed in cups (Ubuntu): | |
| importance: | Undecided → High |
| status: | Triaged → Confirmed |
| affects: | cups (Ubuntu) → apparmor (Ubuntu) |
| Changed in apparmor (Ubuntu): | |
| assignee: | nobody → Kees Cook (kees) |
| tags: | added: arm |
This is still under investigation, but is essentially the same issue seen on i386 when klibc had an executable stack, causing the READ_IMPLIES_EXEC process personality flag to get set. It is not yet clear what the origin of this flag on ARM is, since the architecture is new enough not to flag it, and the ELF doesn't show an executable GNU_STACK header.