** Description changed:

+ [Impact]
+ 
+ Applications which use libapparmor's aa_change_onexec() to set up an
+ AppArmor profile transition across an upcoming exec() could not pre-
+ initialize the environment up until the upstream fix for bug #1584069
+ was in place. That upstream fix had a flaw in that conflicting
+ safe/unsafe change_profile transitions were allowed by apparmor_parser.
+ apparmor_parser should detect conflicting rules and fail to compile the
+ profile.
+ 
+ [Test Case]
+ 
+ The upstream fix for this bug includes exhaustive tests for conflicting
+ safe/unsafe change_profile transitions. These tests run at build time.
+ 
+ If a manual test is desired, see the original report below for steps.
+ 
+ [Regression Potential]
+ 
+ Regression potential for this change is small since it is actually a bug
+ fix for the changes introduced in bug #1584069. The regression potential
+ for the changes for bug #1584069 are considerable and listed in that bug
+ report.
+ 
+ [Original Report]
+ 
  The ability to specify change_profile exec modes (safe/unsafe) is a
  recently merged feature. A missing piece is that the parser doesn't
  detect conflicting exec modes on the same exec condition. The following
  profile should fail to compile:
  
  /t {
-   change_profile safe /foo -> /bar,
-   change_profile unsafe /foo -> bar,
+   change_profile safe /foo -> /bar,
+   change_profile unsafe /foo -> bar,
  }
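
Review bot: the second rule in the diffed snippet targets `bar` while the first targets `/bar`, and the same snippet in the full description below writes `/bar` for both; since the point of the report is two rules on the same exec condition `/foo` with different modes, the snippet is clearer with both targets written identically, as in the description.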

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1588069

Title:
  parser doesn't catch conflicting change_profile exec modes
  (safe/unsafe)

Status in AppArmor:
  Fix Committed
Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  Applications which use libapparmor's aa_change_onexec() to set up an
  AppArmor profile transition across an upcoming exec() could not pre-
  initialize the environment up until the upstream fix for bug #1584069
  was in place. That upstream fix had a flaw in that conflicting
  safe/unsafe change_profile transitions were allowed by
  apparmor_parser. apparmor_parser should detect conflicting rules and
  fail to compile the profile.

  [Test Case]

  The upstream fix for this bug includes exhaustive tests for
  conflicting safe/unsafe change_profile transitions. These tests run at
  build time.

  If a manual test is desired, see the original report below for steps.

  [Regression Potential]

  Regression potential for this change is small since it is actually a
  bug fix for the changes introduced in bug #1584069. The regression
  potential of the changes for bug #1584069 is considerable and is listed
  in that bug report.

  [Original Report]

  The ability to specify change_profile exec modes (safe/unsafe) is a
  recently merged feature. A missing piece is that the parser doesn't
  detect conflicting exec modes on the same exec condition. The
  following profile should fail to compile:

  /t {
    change_profile safe /foo -> /bar,
    change_profile unsafe /foo -> /bar,
  }
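As an added example (not code from the bug report or from apparmor_parser), the following Python sketches the check the report asks for: it parses change_profile rules out of a profile and flags any exec condition that carries both safe and unsafe modes. The rule grammar it accepts, keying conflicts on the exec path alone, and treating an unspecified mode as the default safe are assumptions.

```python
import re
from collections import defaultdict

# Recognises one change_profile rule of the form:
#   change_profile [safe|unsafe] [EXEC] [-> TARGET],
# (assumed grammar; only the pieces the report discusses are modelled)
RULE_RE = re.compile(
    r"^\s*change_profile"
    r"(?:\s+(safe|unsafe))?"          # optional exec mode
    r"(?:\s+((?!->)[^\s,]+))?"        # optional exec condition (path)
    r"(?:\s*->\s*([^\s,]+))?"         # optional target profile
    r"\s*,\s*$"
)


def parse_change_profile_rules(profile_text):
    """Return (mode, exec_cond, target) for every change_profile rule."""
    rules = []
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        m = RULE_RE.match(line)
        if not m:
            continue
        mode, exec_cond, target = m.groups()
        # Assumption: an unspecified exec mode behaves as the default "safe".
        rules.append((mode or "safe", exec_cond, target))
    return rules


def find_conflicts(profile_text):
    """Exec conditions that appear with both safe and unsafe modes."""
    modes = defaultdict(set)
    for mode, exec_cond, _target in parse_change_profile_rules(profile_text):
        if exec_cond is not None:  # exec-less rules carry no exec mode
            modes[exec_cond].add(mode)
    return sorted(ec for ec, seen in modes.items() if {"safe", "unsafe"} <= seen)


def should_compile(profile_text):
    """The parser should refuse a profile with any conflicting exec condition."""
    return not find_conflicts(profile_text)


# Constructed sample: the conflicting profile from the report.
CONFLICTING_PROFILE = """/t {
  change_profile safe /foo -> /bar,
  change_profile unsafe /foo -> /bar,
}
"""

if __name__ == "__main__":
    for ec in find_conflicts(CONFLICTING_PROFILE):
        print(f"conflicting safe/unsafe change_profile rules for exec {ec}")
    print("compiles" if should_compile(CONFLICTING_PROFILE) else "rejected")
```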
