[tor-bugs] #2901 [Tor bundles/installation]: Firefox 4 Tor Browser Bundle: execstack required by libcrypto (Fedora / SELinux)
#2901: Firefox 4 Tor Browser Bundle: execstack required by libcrypto (Fedora / SELinux)
--------------------------------------+-------------------------------------
Reporter: tagnaq | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
I tested the recent TBB [1] on Fedora 14 (64-bit).
SELinux on Fedora is in enforcing mode by default, and the SELinux
variable allow_execstack is off by default (execstack is forbidden by
default).

    getsebool allow_execstack
    allow_execstack --> off

When starting the TBB, SELinux prevents it from starting.
In the audit.log file one can see:

    [...] avc: denied { execstack } [...] comm="vidalia [...]

caused by:

    find tor-browser_en-US/ -exec execstack -q {} \; -print 2> /dev/null | grep ^X
    X tor-browser_en-US/Lib/libcrypto.so
    X tor-browser_en-US/Lib/libcrypto.so.1.0.0

It _seems_ that libcrypto runs fine with execstack disabled;
after clearing execstack the TBB starts fine.

    execstack -c libcrypto.so
    execstack -c libcrypto.so.1.0.0

If you shipped libcrypto without execstack, TBB would also run on Fedora
out of the box, but it is important to investigate the side effects of
removing execstack on libcrypto in detail.
If libcrypto absolutely requires execstack, one could allow execstack by
modifying allow_execstack, but that is in general not a nice solution
(it weakens the entire system's security) and requires root privileges.

[1] https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-x86_64-2.2.23-1-alpha-en-US.tar.gz

BTW: CentOS is not affected by this issue because execstack is allowed
there by default (allow_execstack --> on).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2901>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
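
An added example (not part of the ticket and not Tor Project code): `execstack -q` reports the execute bit of an ELF file's PT_GNU_STACK program header, and the Python below reads that bit directly, so a bundle tree can be checked for libraries that would trip the `execstack` denial without needing the `execstack` tool. The function names and the `sample_elf64` input are constructed for this illustration.

```python
import struct, sys
from pathlib import Path

PT_GNU_STACK = 0x6474E551  # program header that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_flag(data):
    """'X' = executable stack requested, '-' = not requested,
    '?' = not ELF or no PT_GNU_STACK marking (same letters as execstack -q)."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "?"
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little endian
    if is64 and len(data) < 0x40:
        return "?"
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36 if is64 else 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + (8 if is64 else 28) > len(data):
            break                           # truncated program header table
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:
            # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
            p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
            return "X" if p_flags & PF_X else "-"
    return "?"

def scan(root):
    """Return sorted paths under root whose ELF header requests an executable stack."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if p.is_file() and stack_flag(p.read_bytes()) == "X":
                hits.append(str(p))
        except OSError:
            continue  # unreadable file: skip it, like the ticket's `2> /dev/null`
    return sorted(hits)

def sample_elf64(flags):
    """Constructed input: little-endian ELF64 header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("X", hit)
```

Run against an unpacked bundle directory, it lists the same files the `find ... | grep ^X` pipeline in the ticket does; an empty result means no shipped library asks for an executable stack.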