* strange problem
From: Russell Coker @ 2002-10-31 11:46 UTC
To: selinux
avc: denied { execute_no_trans } for pid=11872 exe=/bin/bash
path=/usr/bin/tr dev=09:03 ino=459224 scontext=system_u:system_r:crack_t
tcontext=system_u:object_r:unlabeled_t tclass=file
root@test:~# ls --context /usr/bin/tr
-rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/tr
root@test:~#
The above is a problem that's happened twice to me now. This time it happened
with all the SE patches applied, the previous time it happened without.
When I run "tr" from the command line it works!
So why is it being denied when run from crack_t?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: strange problem
From: Stephen Smalley @ 2002-10-31 12:21 UTC
To: Russell Coker; +Cc: selinux
On Thu, 31 Oct 2002, Russell Coker wrote:
> avc: denied { execute_no_trans } for pid=11872 exe=/bin/bash
> path=/usr/bin/tr dev=09:03 ino=459224 scontext=system_u:system_r:crack_t
> tcontext=system_u:object_r:unlabeled_t tclass=file
> root@test:~# ls --context /usr/bin/tr
> -rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/tr
> root@test:~#
>
> The above is a problem that's happened twice to me now. This time it happened
> with all the SE patches applied, the previous time it happened without.
>
> When I run "tr" from the command line it works!
>
> So why is it being denied when run from crack_t?
This is expected without the separate SELinux patch due to a gap in LSM,
but should be addressed by the separate SELinux patch. Please verify that
this happens with the SELinux patch applied (and not your hacked version
of the patch, but the original one). Is this 2.4.19 or 2.5.44?
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
* Re: strange problem
From: Russell Coker @ 2002-10-31 15:18 UTC
To: Stephen Smalley; +Cc: selinux
On Thu, 31 Oct 2002 13:21, Stephen Smalley wrote:
> > When I run "tr" from the command line it works!
> >
> > So why is it being denied when run from crack_t?
>
> This is expected without the separate SELinux patch due to a gap in LSM,
> but should be addressed by the separate SELinux patch. Please verify that
> this happens with the SELinux patch applied (and not your hacked version
> of the patch, but the original one). Is this 2.4.19 or 2.5.44?
It's 2.4.19.
I just realised that it's using the kernel without the extra SE patch, not the
one with the patch.
I was watching TV at the time I was building the new kernel and didn't want to
reboot my TV in the middle of a show. After the show ended I forgot to
reboot with the new kernel... :(
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
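Added example, not code from either poster: a small Python parser for AVC denial lines in the format quoted above, compared against the `ls --context` output for the same path. The diagnosis rule encodes Stephen's explanation as a check: when the denial reports the target as unlabeled_t while the filesystem carries a real label, the running kernel is not exposing file labels (the wrong-kernel case Russell ended up in); when both labels agree, the denial is a genuine policy gap. The sample lines are constructed from the messages above, and the function names are my own.

```python
import re

# Constructed samples, copied from the messages in this thread.
AVC_LINE = ("avc: denied { execute_no_trans } for pid=11872 exe=/bin/bash "
            "path=/usr/bin/tr dev=09:03 ino=459224 "
            "scontext=system_u:system_r:crack_t "
            "tcontext=system_u:object_r:unlabeled_t tclass=file")
LS_LINE = "-rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/tr"

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(line):
    """Split an AVC message into its permission list and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    return fields


def parse_ls_context(line):
    """Parse one line of `ls --context`: mode user group context path."""
    mode, user, group, context, path = line.split(None, 4)
    return {"mode": mode, "context": context, "path": path}


def context_type(context):
    """Return the type component of a user:role:type[:level] context."""
    return context.split(":")[2]


def diagnose(avc, ls_entry):
    """Classify a file-class denial by comparing the kernel's view of the
    target label (tcontext) with the label stored on disk."""
    if avc["tclass"] != "file" or avc.get("path") != ls_entry["path"]:
        return "not-comparable"
    kernel_type = context_type(avc["tcontext"])
    disk_type = context_type(ls_entry["context"])
    if kernel_type == "unlabeled_t" and disk_type != "unlabeled_t":
        # The kernel cannot see the persistent label: file labeling
        # support is missing from the kernel that is actually running.
        return "kernel-not-labeling"
    if kernel_type == disk_type:
        # Both sides agree on the label, so the policy really lacks
        # this permission for the source domain.
        return "policy-denial"
    return "label-mismatch"


if __name__ == "__main__":
    avc = parse_avc(AVC_LINE)
    entry = parse_ls_context(LS_LINE)
    print(avc["scontext"], "->", avc["tcontext"], avc["perms"])
    print(diagnose(avc, entry))
```

Run against a real audit log, the same comparison (tcontext in the denial versus the on-disk label) separates "I booted the wrong kernel" from "my policy needs a rule" before any policy editing starts.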
* Strange problem
From: Korosi Akos @ 2003-01-17 16:06 UTC
To: Newbie
Hi all!
I have a strange problem.
Happened that the machine had been rebooted (hardly) for some times,
and at the end the next happened:
Nobody can log in except the root. The message is that there is no
/home/<user> (<user> is the appropriate user)!
But in /home there is the <user> directory, and the <user> has
rwx permissions on it. And everybody has x permission on /home.
The other thing is that in sendmail sm-client can not be started,
because: can not chdir to /var/spool/<somedir>, no permissions.
BUT there are appropriate permissions on that dir, and everybody
has x permission on /var and /var/spool. After that I changed
/var/spool/<somedir> to 777 permissions, but sm-client says the same.
I can log in as root. And if I try to #su - <user>, it won't start.
I tried #strace su - <user> and saw, that su can open some files,
but it can not open to read many files (in /etc), but the files are
there, everybody has read permissions on them, and everybody has
execute permissions on the parent directories.
What could this be?
Could this be some virus (I forgot to setup iptables correctly),
or could this happen because of hard resets?
I thought that I will reinstall Linux (RH 8.0), because happily
I use more partitions, and there isn't any important data
on root partition.
But I'm very curious about this problem.
I use RedHat 8.0 and Ext3 file system on all data partitions.
This is an older machine (K6-2 350 CPU).
If you need any further info, just ask.
TIA
Akos
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* strange problem.
From: Michael P. Ryan @ 2003-01-17 18:31 UTC
To: netfilter
Hi,
On redhat 7.3 iptables 1.2.5, all needed modules appear to be loaded
correctly.
I have the box setup to nat and that works like a charm, but run into
problems when I try to port forward to the internal network. Here is
what I run, all pretty text book from what I can tell:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# Portfw section
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d my.external.ip --dport 23 -j DNAT --to 192.168.0.6:23
#
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
--
No errors are ever given, and iptables -L lists the rules no problem.
However port 23 is never opened, or shown via netstat -a.
I am on kernel 2.4.18-19.7.x fwiw
Any help or suggestions would be greatly appreciated.
-mike
* Re: Strange problem
From: Ray Olszewski @ 2003-01-17 18:36 UTC
To: Newbie
You really haven't told us enough for good diagnosis. From what you did
write, I'd guess there is a problem with mounting partitions other than the
root (/) one (maybe including /, depending on the details of the /etc
problems you allude to). User root's home directory is normally on the root
partition as /root, while /home is often a separate partition, as is /var
(particularly if you used RH's default partitioning) ... though /etc almost
never is (I've never seen a case where it was, and doing it that way would
cause real problems during init).
Check the status of mounted partitions in /etc/mtab to verify that they are
mounted RW (and that they are actually mounted as ext3, not ext2). Try (as
root) umount'ing them, then fsck'ing them, in case they failed an automated
fsck during init (this seems farfetched since you use ext3 filesystems, but
it's all I can think of).
Since this happened after a reboot (at least I think that's what you
wrote), you might want to verify that you are running the same kernel as
you were before the reboot.
I'd classify the chance that this is a virus as quite small. The hard-reset
question does make me think of fsck problems with the filesystems.
If that doesn't turn up anything, post again, this time quoting the actual
error messages instead of paraphrasing them.
At 05:06 PM 1/17/03 +0100, Korosi Akos wrote:
>Hi all!
>
>I have a strange problem.
>
>Happened that the machine had been rebooted (hardly) for some times,
>and at the end the next happened:
>
>Nobody can log in except the root. The message is that there is no
>/home/<user> (<user> is the appropriate user)!
>But in /home there is the <user> directory, and the <user> has
>rwx permissions on it. And everybody has x permission on /home.
>The other thing is that in sendmail sm-client can not be started,
>because: can not chdir to /var/spool/<somedir>, no permissions.
>BUT there are appropriate permissions on that dir, and everybody
>has x permission on /var and /var/spool. After that I changed
>/var/spool/<somedir> to 777 permissions, but sm-client says the same.
>I can log in as root. And if I try to #su - <user>, it won't start.
>I tried #strace su - <user> and saw, that su can open some files,
>but it can not open to read many files (in /etc), but the files are
>there, everybody has read permissions on them, and everybody has
>execute permissions on the parent directories.
>
>What could this be?
>Could this be some virus (I forgot to setup iptables correctly),
>or could this happen because of hard resets?
>
>I thought that I will reinstall Linux (RH 8.0), because happily
>I use more partitions, and there isn't any important data
>on root partition.
>
>But I'm very curious about this problem.
>
>I use RedHat 8.0 and Ext3 file system on all data partitions.
>This is an older machine (K6-2 350 CPU).
>
>If you need any further info, just ask.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA ray@comarre.com
-------------------------------------------------------------------------------
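Added example, not code from either poster: a Python check for the mount-table verification Ray suggests above. It parses mtab-style lines, then reports any expected mount point (/, /home, /var) that is missing, not mounted read-write, or mounted with a different filesystem type than expected (ext2 instead of ext3, as would happen after a journal problem). The sample table is constructed to show all three failure modes; the expected-layout dictionary and function names are my own.

```python
# Constructed /etc/mtab-style sample: /var came back read-only and as
# ext2, and /home is not mounted at all.
MTAB_SAMPLE = """\
/dev/hda2 / ext3 rw 0 0
none /proc proc rw 0 0
/dev/hda5 /var ext2 ro 0 0
none /dev/pts devpts rw,gid=5,mode=620 0 0
"""

# Mount points expected to be separate, writable ext3 filesystems
# (assumed layout, matching a default Red Hat split of /home and /var).
EXPECTED = {"/": "ext3", "/home": "ext3", "/var": "ext3"}


def parse_mtab(text):
    """Parse mtab/fstab-style lines into dicts; mount options become a set."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        device, mountpoint, fstype, options = line.split()[:4]
        entries.append({"device": device, "mountpoint": mountpoint,
                        "fstype": fstype, "options": set(options.split(","))})
    return entries


def check_mounts(entries, expected):
    """Return one finding string per deviation from the expected layout."""
    by_mountpoint = {e["mountpoint"]: e for e in entries}
    findings = []
    for mountpoint, fstype in sorted(expected.items()):
        entry = by_mountpoint.get(mountpoint)
        if entry is None:
            # The directory exists on the parent filesystem but nothing is
            # mounted over it, so user data (and permissions) are not visible.
            findings.append(f"{mountpoint}: not mounted")
            continue
        if "rw" not in entry["options"]:
            findings.append(f"{mountpoint}: mounted read-only")
        if entry["fstype"] != fstype:
            findings.append(f"{mountpoint}: fstype {entry['fstype']} "
                            f"(expected {fstype})")
    return findings


if __name__ == "__main__":
    import sys
    # Pass a path (e.g. /etc/mtab) to check a real system; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else MTAB_SAMPLE
    for finding in check_mounts(parse_mtab(text), EXPECTED):
        print(finding)
```

An empty result means the mounts look as expected and the investigation should move on to the kernel version and fsck history Ray mentions next.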
* Re: strange problem.
From: Alistair Tonner @ 2003-01-18 1:45 UTC
To: Michael P. Ryan, netfilter
Why would it show as open in netstat? ... there is no *service*
listening on that port. The prerouting will simply mangle the
packet so that it gets routed to the destination ... You are not opening
a port on the firewall, you are telling the firewall to take packets that
show up at that port and ip and punt them around the corner ....
Alistair
On January 17, 2003 01:31 pm, Michael P. Ryan wrote:
> Hi,
>
> On redhat 7.3 iptables 1.2.5, all needed modules appear to be loaded
> correctly.
>
> I have the box setup to nat and that works like a charm, but run into
> problems when I try to port forward to the internal network. Here is
> what I run, all pretty text book from what I can tell:
>
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
>
> # Portfw section
> $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d my.external.ip --dport 23 -j DNAT --to 192.168.0.6:23
> #
>
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
* Re: strange problem.
From: Michael P. Ryan @ 2003-01-21 22:38 UTC
To: Alistair; +Cc: netfilter
My mistake, thank you for clarifying that.
I have managed to make it a bit further with my problem. I can get a
forward working locally from external ip to internal ip on the same
box, but when I try to create a forward to a system on the internal lan
I run into problems.
I run:
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 223 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d my.external.ip --dport 223 -j DNAT --to 192.168.0.13:5800
when I try:
telnet my.external.ip 22 it hangs and I see the following via dmesg:
IN=eth0 OUT=eth1 SRC=my.external.ip DST=192.168.0.13 LEN=44 TOS=0x10 PREC=0x00 TTL=56 ID=63199 DF PROTO=TCP SPT=50082 DPT=5800 WINDOW=32768 RES=0x00 SYN URGP=0
eventually the connection times out.
Any ideas?
Thanks,
Mike
On Friday, January 17, 2003, at 05:45 PM, Alistair Tonner wrote:
>
>
> Why would it show as open in netstat? ... there is no *service*
> listening on that port. The prerouting will simply mangle the
> packet so that it gets routed to the destination ... You are not
> opening
> a port on the firewall, you are telling the firewall to take packets
> that
> show up at that port and ip and punt them around the corner ....
>
> Alistair
>
>
> On January 17, 2003 01:31 pm, Michael P. Ryan wrote:
* RE: strange problem.
From: Darrell Dieringer @ 2003-01-22 17:12 UTC
To: netfilter
Your FORWARD chain rule needs to accept the port number as modified by
your nat rule, not the original port number. The log message
indicates that a SYN packet destined for 192.168.0.13:5800 was
encountered. That is the traffic you must accept for your scenario to
work.
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of
> Michael P. Ryan
> Sent: Tuesday, January 21, 2003 4:38 PM
> To: Alistair@nerdnet.ca
> Cc: netfilter@lists.netfilter.org
> Subject: Re: strange problem.
>
>
> My Mistake, thank you for clarifying that.
>
> I have managed to make it a bit further with my problem.
> I can get a
> forward working locally from external ip to internal ip on the same
> box, but when I try to create a forward to a system on the
> internal lan
> I run into problems.
>
> I run:
>
> iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 223 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp -d my.external.ip --dport 223 -j DNAT --to 192.168.0.13:5800
>
> when I try:
> telnet my.external.ip 22 it hangs and I see the following via dmesg:
>
> IN=eth0 OUT=eth1 SRC=my.external.ip DST=192.168.0.13 LEN=44 TOS=0x10 PREC=0x00 TTL=56 ID=63199 DF PROTO=TCP SPT=50082 DPT=5800 WINDOW=32768 RES=0x00 SYN URGP=0
>
> eventually the connection times out.
>
>
>
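Added example, not code from any of the posters: a small Python model of the packet path that Alistair's and Darrell's replies describe. nat PREROUTING rewrites the destination before the routing decision, so the filter FORWARD chain only ever sees the translated address and port. Michael's FORWARD rule matching --dport 223 therefore never fires, the SYN falls through to the DROP policy and gets logged with the rewritten DST=192.168.0.13 DPT=5800, exactly as in his dmesg line. forward_rule_for derives the FORWARD rule Darrell describes from the DNAT target. The rule dictionaries, the client address and the interface names are constructed; the state match from the original rules is left out of the model for brevity.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    in_if: str
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(getattr(pkt, key) == want for key, want in rule["match"].items())


def run_chain(rules, pkt, policy):
    """First matching rule wins. DNAT rewrites the destination and ends the
    chain; any other target is returned as the verdict."""
    for rule in rules:
        if matches(rule, pkt):
            if rule["target"] == "DNAT":
                ip, port = rule["to"]
                return "DNAT", replace(pkt, dst=ip, dport=port)
            return rule["target"], pkt
    return policy, pkt


def traverse(nat_prerouting, filter_forward, pkt):
    """Model the ordering that matters here: nat PREROUTING runs before the
    routing decision, so FORWARD is evaluated on the rewritten packet."""
    _, pkt = run_chain(nat_prerouting, pkt, "ACCEPT")
    verdict, pkt = run_chain(filter_forward, pkt, "DROP")  # FORWARD policy DROP
    return verdict, pkt


def forward_rule_for(dnat_rule, in_if, out_if):
    """Build the FORWARD rule that admits the translated traffic."""
    ip, port = dnat_rule["to"]
    return (f"iptables -A FORWARD -i {in_if} -o {out_if} -p tcp -d {ip} "
            f"--dport {port} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT")


# The nat rule as posted: external port 223 forwarded to 192.168.0.13:5800.
NAT_PREROUTING = [
    {"match": {"proto": "tcp", "dst": "my.external.ip", "dport": 223},
     "target": "DNAT", "to": ("192.168.0.13", 5800)},
]

# FORWARD as posted: matches the pre-translation port, which FORWARD never sees.
FORWARD_AS_POSTED = [
    {"match": {"in_if": "eth0", "proto": "tcp", "dport": 223}, "target": "ACCEPT"},
]

# FORWARD corrected: matches the translated destination address and port.
FORWARD_FIXED = [
    {"match": {"in_if": "eth0", "proto": "tcp", "dst": "192.168.0.13", "dport": 5800},
     "target": "ACCEPT"},
]

# Constructed inbound SYN that reproduces the logged packet.
SYN = Packet(in_if="eth0", proto="tcp", src="client", dst="my.external.ip", dport=223)


if __name__ == "__main__":
    for name, chain in (("as posted", FORWARD_AS_POSTED), ("fixed", FORWARD_FIXED)):
        verdict, seen = traverse(NAT_PREROUTING, chain, SYN)
        print(f"{name}: FORWARD saw DST={seen.dst} DPT={seen.dport} -> {verdict}")
    print(forward_rule_for(NAT_PREROUTING[0], "eth0", "eth1"))
```

Matching on the translated destination address as well as the port is the tighter form of Darrell's fix: it admits only the traffic the DNAT rule creates rather than any forwarded connection to port 5800.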
* Strange problem
From: sean @ 2003-05-12 3:45 UTC
To: linux-newbie
I've been using Mandrake for awhile now, and have recently encountered a
strange problem.
When viewing my various mount points under X (KDE 3.1 or Icewm), I cannot see
the contents of any of my mount points; however, when viewing them in a console
window, I can see everything as I should be able to.
Has anyone else encountered this problem? If so, what can be done to fix it?
Hawk (Rob Ireland) E-Mail roc-addict@rogers.com
Fidonet: 1:2401/0 (NC/NEC/Treasurer)
Official Renegade FAQ author
---
* Origin: (1:2401/0)