Ok, so *I fixed it!*
Sorry guys, the 'patch' process is a bit complicated here, so I'll just
give a diff to what I have done, and explain why:
$ diff aa-status aa-status_orig
137,140c137,140
< for p in open("/proc/mounts","rb").readlines():
< if p.split()[2].decode() == "securityfs" and \
< os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
< return os.path.join(p.split()[1].decode(), "apparmor")
---
> for p in open("/proc/mounts").readlines():
> if p.split()[2] == "securityfs" and \
> os.path.exists(os.path.join(p.split()[1], "apparmor")):
> return os.path.join(p.split()[1], "apparmor")
**And I, Alain BENEDETTI, hereby grant Canonical all rights to use this patch
as it sees fit!**
Explanation:
- Using readlines() on proc/mounts opened as regular stream is wrong! The
kernel considers the mount points as bunch of binary data and does NOT assume
any locale. Here, I have exhibited the bug because I'm mounting on a UTF-8
non-ASCII mount point.
- So to fix the bug, we do the same thing as the kernel:
==> we read the /proc/mounts as BINARY data, hence the first modification
opening it "rb"
- Then we are searching for the string 'securityfs" on the second split.
But as p is now of binary type, we must .decode() this split()[2] that
contains the filetype. Here it is SAFE to .decode() as we know it is a
filetype, therefore we ALWAYS have ASCII here and the .decode() will
always succeed.
- When this first condition passes, we do the same on the split()[1], we apply
.decode(), because join wants 2 strings, and not a binary + a string.
It is also safe here, because securityfs has been mounted on an ASCII mount
point. Considering that this piece of code won't be run when the first part of
the condition fails. We are in an "and" condition, and pyhton (as many
languages) don't evaluate the remaining conditions when the first condition of
an "and" is false.
So, it is closed for me with my own code modifications.
... expecting now the "official" patch of aa-status on the repositories,
whether you use my exact patch, or make it even better!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1310598
Title:
AppArmor python tools fail to parse mounts with UTF-8 non-ascii
characters
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1310598/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
