[Pkg-clamav-devel] Bug#588599: Bug#588599: /usr/bin/freshclam: freshclam tries to mmap() with READ/WRITE/EXECUTE access

[Stephen Gran]

This one time, at band camp, Russell Coker said:
> type=AVC msg=audit(1278729355.797:22750): avc:  denied  { execmem } for  
> pid=2649 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:system_r:freshclam_t:s0 tclass=process
> type=SYSCALL msg=audit(1278729355.797:22750): arch=c000003e syscall=9 
> success=no exit=-13 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=2649 
> auid=4294967295 uid=104 gid=108 euid=104 suid=104 fsuid=104 egid=108 sgid=108 
> fsgid=108 tty=(none) ses=4294967295 comm="freshclam" exe="/usr/bin/freshclam" 
> subj=system_u:system_r:freshclam_t:s0 key=(null)
> 
> The above messages are logged when running this on a SE Linux system.  It
> appears to work correctly anyway so it seems that the code has some fallback
> option for if execmem is denied.
> 
> I can't think of a good reason for a program to have write/execute access to
> memory when all it does is download data from the network.

I agree.  Can you provide some help tracking it down?

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20100710/72337063/attachment-0001.pgp>