[Desktop-packages] [Bug 1045986] Re: Ubuntu AppArmor policy is too lenient with shell scripts

Thu, 06 Sep 2012 21:41:24 -0700 

This bug was fixed in the package isc-dhcp - 4.2.4-1ubuntu7

---------------
isc-dhcp (4.2.4-1ubuntu7) quantal-proposed; urgency=low

  * debian/dhclient-script.linux: Explicitly set the PATH to that of
    ENV_SUPATH in /etc/login.defs and unset various other variables. We need
    to do this so /sbin/dhclient cannot abuse the environment to escape
    AppArmor confinement via this script. This can be removed once AppArmor
    supports environment filtering (LP: 1045985). Don't worry about
    debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
    since AppArmor isn't used in these environments.
    - LP: #1045986

isc-dhcp (4.2.4-1ubuntu6) quantal-proposed; urgency=low

  * SECURITY UPDATE: denial of service via unexpected client identifiers
    - debian/patches/CVE-2012-3570.patch: validate MAC length in
      includes/dhcpd.h, server/dhcpv6.c.
    - CVE-2012-3570
  * SECURITY UPDATE: denial of service via malformed client identifiers
    - debian/patches/CVE-2012-3571.patch: validate packets in
      common/options.c, includes/dhcpd.h.
    - CVE-2012-3571
  * SECURITY UPDATE: denial of service via memory leaks
    - debian/patches/CVE-2012-3954.patch: properly manage memory in
      common/options.c and server/dhcpv6.c.
    - CVE-2012-3954
 -- Jamie Strandboge <ja...@ubuntu.com>   Wed, 05 Sep 2012 08:59:49 -0500

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1045986

Title:
  Ubuntu AppArmor policy is too lenient with shell scripts

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apport” package in Ubuntu:
  Fix Released
Status in “chromium-browser” package in Ubuntu:
  Confirmed
Status in “cups” package in Ubuntu:
  Confirmed
Status in “dhcp3” package in Ubuntu:
  Invalid
Status in “firefox” package in Ubuntu:
  Confirmed
Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Lucid:
  Invalid
Status in “apport” source package in Lucid:
  Fix Committed
Status in “chromium-browser” source package in Lucid:
  Confirmed
Status in “cups” source package in Lucid:
  Confirmed
Status in “dhcp3” source package in Lucid:
  Fix Committed
Status in “firefox” source package in Lucid:
  Confirmed
Status in “isc-dhcp” source package in Lucid:
  Invalid
Status in “apparmor” source package in Natty:
  Triaged
Status in “apport” source package in Natty:
  Fix Committed
Status in “chromium-browser” source package in Natty:
  Confirmed
Status in “cups” source package in Natty:
  Confirmed
Status in “dhcp3” source package in Natty:
  Invalid
Status in “firefox” source package in Natty:
  Confirmed
Status in “isc-dhcp” source package in Natty:
  Fix Committed
Status in “apparmor” source package in Oneiric:
  Triaged
Status in “apport” source package in Oneiric:
  Fix Committed
Status in “chromium-browser” source package in Oneiric:
  Confirmed
Status in “cups” source package in Oneiric:
  Confirmed
Status in “dhcp3” source package in Oneiric:
  Invalid
Status in “firefox” source package in Oneiric:
  Confirmed
Status in “isc-dhcp” source package in Oneiric:
  Fix Committed
Status in “apparmor” source package in Precise:
  Triaged
Status in “apport” source package in Precise:
  Fix Committed
Status in “chromium-browser” source package in Precise:
  Confirmed
Status in “cups” source package in Precise:
  Confirmed
Status in “dhcp3” source package in Precise:
  Invalid
Status in “firefox” source package in Precise:
  Confirmed
Status in “isc-dhcp” source package in Precise:
  Fix Committed
Status in “apparmor” source package in Quantal:
  Triaged
Status in “apport” source package in Quantal:
  Fix Released
Status in “chromium-browser” source package in Quantal:
  Confirmed
Status in “cups” source package in Quantal:
  Confirmed
Status in “dhcp3” source package in Quantal:
  Invalid
Status in “firefox” source package in Quantal:
  Confirmed
Status in “isc-dhcp” source package in Quantal:
  Fix Released

Bug description:
  Dan Rosenberg has blogged about some AppArmor profile weaknesses in Ubuntu:
  http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html

  This bug will track the work needed to fix them. This is a
  continuation of bug #851986, except for PATH and shell scripts.
  Unfortunately, until we have proper environment filtering support in
  AppArmor, we will have to employ more bandaids-- specifically, either
  eliminating Ux/sanitized helper on shell scripts or adjusting those
  shell scripts to explicitly set their PATH. The good news is that
  environment filtering is on the AppArmor roadmap, and it something we
  will be targeting in the future releases. I filed bug #1045985 to more
  easily track the progress of that work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1045986/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to