View Issue Details

IDProjectCategoryView StatusLast Update
0005201CentOS-6wpa_supplicantpublic2011-10-24 14:24
Reporterdls 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version6.0 
Target VersionFixed in Version 
Summary0005201: SELinux is preventing /usr/sbin/wpa_supplicant from using the 'sys_module' capabilities.
Description
Summary:

Your system may be seriously compromised! /usr/sbin/wpa_supplicant tried to load
a kernel module.

Detailed Description:

SELinux has prevented wpa_supplicant from loading a kernel module. All confined
programs that need to load kernel modules should have already had policy written
for them. If a compromised application tries to modify the kernel this AVC will
be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Context system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Objects None [ capability ]
Source wpa_supplicant
Source Path /usr/sbin/wpa_supplicant
Port <Unknown>
Host io.milky.way
Source RPM Packages wpa_supplicant-0.6.8-10.el6
Target RPM Packages
Policy RPM selinux-policy-3.7.19-54.el6_0.5
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name sys_module
Host Name io.milky.way
Platform Linux io.milky.way 2.6.32-71.29.1.el6.i686 #1 SMP
                              Mon Jun 27 18:07:00 BST 2011 i686 i686
Alert Count 7
First Seen Sun 09 Oct 2011 11:12:31 AM EDT
Last Seen Sun 23 Oct 2011 12:51:02 PM EDT
Local ID 058c00ca-38f4-4010-89c0-2e6cbe0e14b7
Line Numbers

Raw Audit Messages

node=io.milky.way type=AVC msg=audit(1319388662.163:155): avc: denied { sys_module } for pid=4169 comm="wpa_supplicant" capability=16 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tclass=capability

node=io.milky.way type=SYSCALL msg=audit(1319388662.163:155): arch=40000003 syscall=54 success=no exit=-19 a0=8 a1=8933 a2=bfca928c a3=8 items=0 ppid=1 pid=4169 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)


Steps To ReproduceEnable wireless networking (using either the NetworkManager Applet or this notebook computer's hardware wireless on/off switch).
Additional InformationAppears to be similar to, if not the same as:

https://bugzilla.redhat.com/show_bug.cgi?id=684415
TagsNo tags attached.

Activities

range

range

2011-10-23 18:02

administrator   ~0013603

Is this still happening when you update with the continuous release repository (CR) to come close to what 6.1 ships?

See http://wiki.centos.org/AdditionalResources/Repositories/CR for more information.
dls

dls

2011-10-24 09:35

reporter   ~0013606

I just enabled the continuous release repository, updated from it, and rebooted. I then tried unsuccessfully a couple times to reproduce the event. I noticed there was a kernel update in there: perhaps that was the "fix". Thank you for pointing me in the right direction.
range

range

2011-10-24 11:18

administrator   ~0013608

Okay, you should be able to look through the kernel changelog (rpm -q --changelog kernel) and see if the bug from the bugzilla trakcer is mentioned somewhere.

Closing.

Issue History

Date Modified Username Field Change
2011-10-23 17:11 dls New Issue
2011-10-23 18:02 range Note Added: 0013603
2011-10-23 18:03 range Status new => feedback
2011-10-24 09:35 dls Note Added: 0013606
2011-10-24 09:35 dls Status feedback => assigned
2011-10-24 11:18 range Note Added: 0013608
2011-10-24 11:18 range Status assigned => resolved
2011-10-24 11:18 range Resolution open => fixed