Noticed some strange anomalies during gameplay: DDoS etc., file access & other access.

Is this related to the ioquake3 vulns? Please comment: should these files be accessed by UrbanTerror?

Set up some audit logs to see what was going on; see logs below.

Whilst playing, files such as tcpdump, firefox, & /etc/passwd are being accessed, and denied, but the access request is via the UrbanTerror application and appears to be piped through nvidiactl.

This occurs on some servers, not all, and there seems to be some chat in regards to these activities.

Thought this had been corrected? No guru, but these files shouldn't be accessed by the UT executable; one slip on an unpatched system and voilà, root access via the app. Looks like smurfing was attempted.


Include Evince & thumbnailer


type=AVC msg=audit(1326506857.797:109): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=6333 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1326544741.665:463): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=10378 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1326590224.799:58): apparmor="DENIED" operation="open" parent=1934 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=1937 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1326590767.580:59): apparmor="DENIED" operation="open" parent=2117 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2120 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327574589.468:58): apparmor="DENIED" operation="open" parent=2150 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2153 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327583606.594:62): apparmor="DENIED" operation="open" parent=10865 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=10868 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327584249.739:61): apparmor="DENIED" operation="open" parent=2123 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2126 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327584461.401:62): apparmor="DENIED" operation="open" parent=2247 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2250 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327624066.389:61): apparmor="DENIED" operation="open" parent=1930 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=1933 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327625263.922:62): apparmor="DENIED" operation="open" parent=2107 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2110 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327628694.351:63): apparmor="DENIED" operation="open" parent=2284 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2287 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327631742.656:64): apparmor="DENIED" operation="open" parent=2448 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2451 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327632687.132:65): apparmor="DENIED" operation="open" parent=2555 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2558 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327636142.949:66): apparmor="DENIED" operation="open" parent=2690 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2693 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327636151.389:67): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2690 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327651089.657:68): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=3027 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327651097.821:69): apparmor="DENIED" operation="open" parent=3085 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=3087 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327652654.838:70): apparmor="DENIED" operation="open" parent=4526 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=4529 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327652954.244:71): apparmor="DENIED" operation="open" parent=4567 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=4570 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327653960.215:72): apparmor="DENIED" operation="open" parent=4995 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=4998 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327654194.069:73): apparmor="DENIED" operation="open" parent=5436 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=5439 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327658238.106:75): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=5931 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1327658599.113:76): apparmor="DENIED" operation="open" parent=5959 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=5962 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1006 ouid=0
type=AVC msg=audit(1327658913.385:77): apparmor="DENIED" operation="open" parent=6019 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=6022 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1006 ouid=0
type=AVC msg=audit(1327659728.159:78): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=6072 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1327667382.139:79): apparmor="DENIED" operation="open" parent=7204 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=7207 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327670997.354:80): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=7522 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1327671737.173:81): apparmor="DENIED" operation="open" parent=7574 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=7575 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1327671738.249:82): apparmor="DENIED" operation="mknod" parent=7574 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/home/user/Desktop/botlib.log" pid=7575 comm="ioUrbanTerror.i" requested_mask="c" denied_mask="c" fsuid=1006 ouid=1006
type=AVC msg=audit(1327705036.132:58): apparmor="DENIED" operation="open" parent=2052 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2055 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327725678.568:59): apparmor="DENIED" operation="open" parent=3292 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=3295 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327747606.120:61): apparmor="DENIED" operation="open" parent=2048 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=2052 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327757342.736:62): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=3043 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1327762005.656:63): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=3335 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
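
As an added example (not part of the original post), the Python sketch below parses AppArmor DENIED records in the format of the log above and counts them per confined profile, operation and target, so each denied path can be attributed to the profile that requested it. The function names are chosen for this example, and the five sample lines are copied from the log.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Five lines copied from the log above (two profiles, three distinct targets).
SAMPLE = r'''
type=AVC msg=audit(1326506857.797:109): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=6333 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1326544741.665:463): apparmor="DENIED" operation="open" parent=1 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/etc/passwd" pid=10378 comm="ioUrbanTerror.i" requested_mask="r" denied_mask="r" fsuid=1006 ouid=0
type=AVC msg=audit(1326590224.799:58): apparmor="DENIED" operation="open" parent=1934 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=1937 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
type=AVC msg=audit(1327658599.113:76): apparmor="DENIED" operation="open" parent=5959 profile="/usr/lib/firefox-9.0.1/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=5962 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1006 ouid=0
type=AVC msg=audit(1327671738.249:82): apparmor="DENIED" operation="mknod" parent=7574 profile="/home/user/Downloads/UrbanTerror/ioUrbanTerror.i386" name="/home/user/Desktop/botlib.log" pid=7575 comm="ioUrbanTerror.i" requested_mask="c" denied_mask="c" fsuid=1006 ouid=1006
'''.strip().splitlines()

HEADER = re.compile(r'msg=audit\((\d+)\.\d+:\d+\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(key, raw):
    """Unquote a value; audit hex-encodes unsafe strings and leaves them unquoted."""
    if key in ('name', 'profile', 'comm') and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    return raw.strip('"')

def parse_line(line):
    """Return the fields of one AppArmor audit record, or None if it is not one."""
    head = HEADER.search(line)
    if head is None or 'apparmor=' not in line:
        return None
    rec = {k: decode(k, v) for k, v in FIELD.findall(line)}
    rec['time'] = datetime.fromtimestamp(int(head.group(1)), tz=timezone.utc)
    return rec

def summarise(lines):
    """Count DENIED events per (profile, operation, target, denied_mask)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec.get('apparmor') == 'DENIED':
            key = tuple(rec.get(k, '-') for k in ('profile', 'operation', 'name', 'denied_mask'))
            counts[key] += 1
    return counts

def targets_by_profile(lines):
    """Map each confined profile to the set of paths it was denied."""
    out = {}
    for profile, _op, name, _mask in summarise(lines):
        out.setdefault(profile, set()).add(name)
    return out

if __name__ == '__main__':
    for (profile, op, name, mask), n in summarise(SAMPLE).most_common():
        print(f'{n:3d}  {profile}  {op} {name} ({mask})')
```

The `profile=` field names the confined program that made the request and `name=` is the path it asked for, so grouping on both separates one application's denials from another's.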