On 28-01-14 07:38, Wicher wrote:
> On Mon, Jan 27, 2014 at 10:35 PM, Patrick Laimbock <patr...@laimbock.com> wrote:
>
>> 6403  socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 25
>> 6403  connect(25, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
>> 6403  sendto(25, "<20>Jan 27 22:11:59 dspam[6372]:"..., 119, MSG_NOSIGNAL, NULL, 0) = 119
>> 6403  close(25)                         = 0
>
> I'm curious — what did it write to the system log just before segfaulting?

Hi Wicher,

I couldn't find anything:

Jan 27 22:01:02 vps kernel: dspam[5621]: segfault at 29 ip 00007f3b55a2612c sp 00007f3b539d1c00 error 4 in libc-2.12.so[7f3b559de000+18b000]
Jan 28 03:05:53 vps yum[18797]: Updated: ...

The following AVCs were reported in /var/log/audit/audit.log on Jan 27 
(please note that SELinux was in permissive mode):

type=AVC msg=audit(1390709045.662:44574): avc:  denied  { open } for pid=26277 comm="dspam" name="meminfo" dev=proc ino=4026532034 scontext=system_u:system_r:dspam_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390709045.663:44575): avc:  denied  { getattr } for  pid=26277 comm="dspam" path="/proc/meminfo" dev=proc ino=4026532034 scontext=system_u:system_r:dspam_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390753004.293:46186): avc:  denied  { read write } for  pid=22849 comm="dspam" path="[eventpoll]" dev=anon_inodefs ino=3786 scontext=system_u:system_r:dspam_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file

Regards,
Patrick

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
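
Added example, not part of the original message and not DSPAM project code: a small Python parser for the kernel "segfault at" line quoted above, decoding the x86 page-fault error code and the instruction pointer's offset into the mapped object. The function names and the `near_null` heuristic are assumptions of this example; the sample line is the one from the message, rejoined onto one line.

```python
import re

# Kernel line from the message above, rejoined onto a single line.
SAMPLE = ("Jan 27 22:01:02 vps kernel: dspam[5621]: segfault at 29 ip "
          "00007f3b55a2612c sp 00007f3b539d1c00 error 4 in "
          "libc-2.12.so[7f3b559de000+18b000]")

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")


def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "page_present": bool(code & 1),       # False: no page mapped there
        "write": bool(code & 2),              # False: the access was a read
        "user_mode": bool(code & 4),          # True: fault raised in user space
        "reserved_bit": bool(code & 8),
        "instruction_fetch": bool(code & 16),
    }


def parse_segfault(line):
    """Return a dict describing a kernel segfault line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    out = {"comm": m["comm"], "pid": int(m["pid"]),
           "fault_addr": int(m["addr"], 16), "ip": int(m["ip"], 16),
           "sp": int(m["sp"], 16)}
    out.update(decode_error(int(m["err"], 16)))  # the kernel prints it in hex
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        out["object"] = m["obj"]
        out["offset"] = out["ip"] - base      # ip relative to the mapping start
        out["ip_in_mapping"] = 0 <= out["offset"] < size
    # Heuristic (assumption): a fault address inside the first page usually
    # means a field was read through a NULL pointer.
    out["near_null"] = out["fault_addr"] < 0x1000
    return out


if __name__ == "__main__":
    for key, value in parse_segfault(SAMPLE).items():
        print(f"{key}: {hex(value) if key in ('ip', 'sp', 'offset', 'fault_addr') else value}")
```

For the quoted line this gives a user-mode read of unmapped address 0x29 at offset 0x4812c into libc-2.12.so; that offset can typically be resolved with `addr2line -e` against the matching libc with debuginfo installed.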
