[Bug 658135] [NEW] Apparmor denies file_mmap access to /usr/lib32/dri/i965_dri.so
Micah Gersten
launchpad at micahscomputing.com
Mon Oct 11 07:11:50 UTC 2010
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: firefox
Oct 11 02:07:27 defiant kernel: [51558.272166] type=1400 audit(1286780847.653:1768): apparmor="ALLOWED" operation="file_mmap" parent=26486 profile="/usr/lib/firefox-3.6.11/firefox-*bin" name="/usr/lib32/dri/i965_dri.so" pid=26532 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Oct 11 01:46:37 defiant kernel: [50307.655355] type=1400 audit(1286779597.041:1765): apparmor="DENIED" operation="file_mmap" parent=3991 profile="/usr/lib/firefox-4.0b6/firefox{,*[^s][^h]}" name="/usr/lib32/dri/i965_dri.so" pid=26244 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
The 3.6.x profile was in complain mode, the 4.0 profile was not. This is
when playing a flash video in full screen.
The 4.0 profile also wants access to this:
Oct 11 01:46:37 defiant kernel: [50307.675825] type=1400 audit(1286779597.061:1766): apparmor="DENIED" operation="file_mmap" parent=3991 profile="/usr/lib/firefox-4.0b6/firefox{,*[^s][^h]}" name="/usr/lib32/dri/swrast_dri.so" pid=26244 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
** Affects: firefox (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor
** Visibility changed to: Public
** Description changed:
Binary package hint: firefox
Oct 11 02:07:27 defiant kernel: [51558.272166] type=1400 audit(1286780847.653:1768): apparmor="ALLOWED" operation="file_mmap" parent=26486 profile="/usr/lib/firefox-3.6.11/firefox-*bin" name="/usr/lib32/dri/i965_dri.so" pid=26532 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Oct 11 01:46:37 defiant kernel: [50307.655355] type=1400 audit(1286779597.041:1765): apparmor="DENIED" operation="file_mmap" parent=3991 profile="/usr/lib/firefox-4.0b6/firefox{,*[^s][^h]}" name="/usr/lib32/dri/i965_dri.so" pid=26244 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
The 3.6.x profile was in complain mode, the 4.0 profile was not. This is
when playing a flash video in full screen.
+
+ The 4.0 profile also wants access to this:
+ Oct 11 01:46:37 defiant kernel: [50307.675825] type=1400 audit(1286779597.061:1766): apparmor="DENIED" operation="file_mmap" parent=3991 profile="/usr/lib/firefox-4.0b6/firefox{,*[^s][^h]}" name="/usr/lib32/dri/swrast_dri.so" pid=26244 comm="npviewer.bin" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
--
Apparmor denies file_mmap access to /usr/lib32/dri/i965_dri.so
https://bugs.launchpad.net/bugs/658135
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list