[Touch-packages] [Bug 1235444] Re: pkg_name calculated incorrectly

Thu, 31 Jul 2014 08:51:36 -0700 

** Changed in: thumbnailer
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to thumbnailer in Ubuntu.
https://bugs.launchpad.net/bugs/1235444

Title:
  pkg_name calculated incorrectly

Status in Thumbnail generator for all kinds of files:
  Fix Released
Status in “thumbnailer” package in Ubuntu:
  Fix Released
Status in “thumbnailer” source package in Saucy:
  Fix Released

Bug description:
  get_app_pkg_name() parses the value of /proc/self/attr/current to determine 
the value to use for the cache directory, but it has an off by one error as 
seen with this apparmor denial:
  Oct  4 14:47:00 localhost kernel: [ 2456.617111] type=1400 
audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 
profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6"
 
name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/"
 pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 
ouid=1000

  The app's apparmor label is 
"net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6"
 so it should use:
  /home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos

  however is actually uses:
  /home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo

  This can perhaps be seen more clearly with the attached test program. Steps 
to reproduce:
  $ cat > /tmp/bug.profile <<EOM
  #include <tunables/global>
  profile test_me {
    file,
  }
  EOM
  $ sudo apparmor_parser -r /tmp/bug.profile
  $ g++ /tmp/bug.cpp -o /tmp/bug
  $ aa-exec -p test_me -- /tmp/bug
  /proc/self/attr/current=test_me (enforce)
  app_pkg_name=tes
  $

  In addition to the above, get_app_pkg_name() is not careful enough in 
determining the package name. It should throw an error if the value of 
/proc/self/attr/current doesn't match the following regex:
   ^[a-z0-9][a-z0-9+.-]+_[a-zA-Z0-9+.-]+_[0-9][a-zA-Z0-9.+:~-]*$

  (see https://wiki.ubuntu.com/AppStore/Interfaces/ApplicationId for details). 
To consider why, consider the following valid profile names:
    /usr/bin/lsb_release
    /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper//chromium_browser
    /opt/foo/_bar

To manage notifications about this bug go to:
https://bugs.launchpad.net/thumbnailer/+bug/1235444/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to