On Mon, Oct 19, 2015 at 12:41 AM, Kshitij Gupta <[email protected]> wrote:
> Hello, > > On Sun, Oct 18, 2015 at 8:50 PM, Christian Boltz <[email protected]> > wrote: > >> Hello, >> >> if a script contains a hashbang like >> #! /usr/bin/perl -w >> aa-autodep created a profile entry like >> "/usr/bin/perl -w" ix, >> which is obviously incorrect. >> >> This patch fixes this (by using only the first part of the hashbang line) >> and also adds some tests for it. >> >> References: https://bugs.launchpad.net/apparmor/+bug/1505775 >> >> >> [ 95-fix-handling-interpreters-with-parameters.diff ] >> >> --- utils/apparmor/aa.py 2015-10-18 16:45:00.661993736 +0200 >> +++ utils/apparmor/aa.py 2015-10-18 17:07:20.459211068 +0200 >> @@ -416,8 +416,9 @@ >> if not hashbang.startswith('#!'): >> return None, None >> >> - interpreter = hashbang[2:].strip() >> - interpreter_path = get_full_path(interpreter) >> + # get the interpreter (without parameters) >> + interpreter = hashbang[2:].strip().split() >> > I'd like to call it "interpreter_and_flags_and_parameters_stuff" but could > settle for "interpreter_and_flags". > Or we can make it: > interpreter_path = hashbang[2:].strip().split()[0] > > Or > interpreter_and_flags = hashbang[2:].strip().split() > interpreter_path = interpreter_and_flags[0] > > This way the name is accurate and we don't have to use interpreter > variable to represent two different things (the other one being below). > > + interpreter_path = get_full_path(interpreter[0]) >> interpreter = re.sub('^(/usr)?/bin/', '', interpreter_path) >> > How about we inline it to: interpreter = re.sub('^(/usr)?/bin/', '', > get_full_path(interpreter_and_flags[0])) > scrap this, since we need to return interpreter_path. > > >> if interpreter in ['bash', 'dash', 'sh']: >> --- utils/test/test-aa.py 2015-10-18 16:45:00.663993620 +0200 >> +++ utils/test/test-aa.py 2015-10-18 17:10:34.845932254 +0200 
>> @@ -105,7 +105,9 @@ >> ('#!/bin/dash', ('/bin/dash', >> 'abstractions/bash')), >> ('#!/bin/sh', ('/bin/sh', >> 'abstractions/bash')), >> ('#! /bin/sh ', ('/bin/sh', >> 'abstractions/bash')), >> + ('#! /bin/sh -x ', ('/bin/sh', >> 'abstractions/bash')), # '-x' is not part of the interpreter path >> ('#!/usr/bin/perl', ('/usr/bin/perl', >> 'abstractions/perl')), >> + ('#!/usr/bin/perl -w', ('/usr/bin/perl', >> 'abstractions/perl')), # '-w' is not part of the interpreter path >> ('#!/usr/bin/python', ('/usr/bin/python', >> 'abstractions/python')), >> ('#!/usr/bin/python2', ('/usr/bin/python2', >> 'abstractions/python')), >> ('#!/usr/bin/python2.7', ('/usr/bin/python2.7', >> 'abstractions/python')), >> >> With suggestions considered/incorporated. > > Thanks for the patch. > > Acked-by: Kshitij Gupta <[email protected]>. > >> >> Regards, >> >> Christian Boltz >> -- >> We voted and a big majority wanted it this way. So dont blame this on me. >> p.s. Although you can share-blame it on me. I was one of the peepz who >> voted for it ;) [Henne Vogelsang in opensuse-factory] >> >> >> -- >> AppArmor mailing list >> [email protected] >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/apparmor >> > > > > -- > Regards, > > Kshitij Gupta > -- Regards, Kshitij Gupta
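Review bot: In the utils/apparmor/aa.py hunk, interpreter[0] is indexed without checking that split() returned anything. A first line that is only '#!' (or '#!' followed by whitespace) passes the startswith('#!') check, hashbang[2:].strip().split() then yields an empty list, and get_full_path(interpreter[0]) raises IndexError. Return None, None when the list is empty, as the function already does for a line that is not a hashbang. The name interpreter also holds a list on one line and the shortened interpreter name two lines later; a separate name for the list, as proposed in the reply, avoids that.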
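Review bot: The two cases added in the utils/test/test-aa.py hunk each use a single space-separated option, so they do not exercise the inputs where the new split() path can behave differently. Among the cases visible in this hunk there is none for a bare '#!' line, where split() returns an empty list, and none for a hashbang whose first word is a wrapper, such as '#!/usr/bin/env perl -w', where the first word is /usr/bin/env. Add one case for each with its expected return value so the intended behaviour is pinned down by the test.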
