On 4/21/21 6:23 PM, Hans Gruber wrote:
> Hello,
>
> I'm trying to secure and restrict access of a bash script which needs to
> perform actions on a symlink (update timestamp and create it if missing).
>

currently link rules are hard links only. Symlinks are treated like regular files, and mediation is done post symlink traversal so that they can't be used as an attack vector.

> Is it possible to use an AppArmor link rule for a symbolic link or is it
> only for hard links?
> I don't find information about symbolic links.
>

atm hardlink only, we are investigating extending it to be able to mediate symlinks

> According to AppArmor Core Policy Reference at
> https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference
> only hard link is specified.
>
> Bash script uses ln which requires two rules
> /path/symlink rw,
> /path/[A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9] rw,
>
> The second one is required because ln creates a temporary file as
> /path/CgX8vf6d and its name changes each time. Without this rule ln fails
> and audit records denied access for /path/CgX8vf6d in creation.
> But I don't like this rule because it opens potential access to all files in
> /path in rw which is a sensitive folder.
>
> I would like to know if it's possible to use a link rule to avoid the second
> one which requires rw for read and creation.
>
> I tried using a link rule but it never worked but it could be misused by
> myself.

Unfortunately at this time this seems to be required.

> Thank you in advance.
>
> Regards

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
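A complete profile skeleton for the script discussed in this thread, as an added example and not code posted by either participant. The script path (/usr/local/bin/update-symlink.sh), the ln and touch paths, and the owner qualifier on the temporary-file rule are my assumptions; the two rules themselves are the ones from the question.

```apparmor
#include <tunables/global>

# Confines the bash script that refreshes /path/symlink.
/usr/local/bin/update-symlink.sh {
  #include <abstractions/base>
  #include <abstractions/bash>

  /usr/local/bin/update-symlink.sh r,
  /bin/bash ix,
  /bin/ln ix,
  /usr/bin/touch ix,

  # Symlinks are mediated as regular files after traversal, so the link
  # itself needs plain file permissions: create, rewrite and re-stamp it.
  /path/symlink rw,

  # ln -sf first creates a temporary entry beside the destination and then
  # renames it over the symlink; the name is random, so a pattern rule is
  # unavoidable. The fixed 8-character class keeps the rule off other names
  # in /path, and 'owner' (an assumption here) limits it to entries owned by
  # the uid the script runs as. Link rules cannot replace this today.
  owner /path/[A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9] rw,

  # Nothing else in /path is granted; a denial on any other name will show
  # up in the audit log as it did for /path/CgX8vf6d without the rule above.
}
```

Load it with apparmor_parser -r and watch the audit log while the script runs once, so any remaining denial is on a path you actually meant to exclude.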
