Public bug reported: The sequence of commands below should not succeed. They show that the parser is incorrectly encoding a change_profile rule with an exec condition to allow a direct changeprofile operation without the exec condition being satisfied.
$ echo "profile nt { file, signal, unix, }" | sudo apparmor_parser -qr
$ echo "profile test { file, signal, unix, change_profile /does/not/exist -> nt, }" | sudo apparmor_parser -qr
$ aa-exec -p test -- bash
$ cat /proc/self/attr/current
test (enforce)
# IMPORTANT: This command should fail instead of allowing the process confined
# by the "test" profile change to the "nt" profile without an exec
$ echo "changeprofile nt" > /proc/self/attr/current
$ cat /proc/self/attr/current
nt (enforce)

** Affects: apparmor
     Importance: High
     Assignee: Tyler Hicks (tyhicks)
         Status: Triaged

** Affects: apparmor (Ubuntu)
     Importance: High
     Assignee: Tyler Hicks (tyhicks)
         Status: Triaged

** Tags: aa-parser

** Description changed:

- The sequence of commands below should not succeed.
+ The sequence of commands below should not succeed. They show that the
+ parser is incorrectly encoding a change_profile rule with an exec
+ condition to allow a direct changeprofile operation without the exec
+ condition being satisfied.
  
  $ echo "profile nt { file, signal, unix, }" | sudo apparmor_parser -qr
  $ echo "profile test { file, signal, unix, change_profile /does/not/exist -> nt, }" | sudo apparmor_parser -qr
  $ aa-exec -p test -- bash
  $ cat /proc/self/attr/current
  test (enforce)
- 
- # This command should fail instead of allowing the process confined by the "test" profile change to the "nt" profile without an exec
+ # IMPORTANT: This command should fail instead of allowing the process confined
+ # by the # "test" profile change to the "nt" profile without an exec
  $ echo "changeprofile nt" > /proc/self/attr/current
  $ cat /proc/self/attr/current
  nt (enforce)

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Changed in: apparmor
   Importance: Undecided => High

** Changed in: apparmor
       Status: New => Triaged

** Changed in: apparmor
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Tags added: aa-parser

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1584165

Title:
  a change_profile rule with an exec condition allows for a direct changeprofile operation

Status in AppArmor:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1584165/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
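A rule-auditing helper for the change_profile syntax used in the reproduction above, added here as an example and not part of the bug report or of the AppArmor tools. It assumes the unquoted-path subset of the rule syntax (no quoted names, variables or wildcard exec conditions) and lists the change_profile targets that a profile intends to reach only through an exec, which are exactly the ones an affected parser also makes reachable by a direct changeprofile write.

```python
import re

# Subset of the apparmor.d change_profile grammar handled here (an assumption
# of this example): plain unquoted paths and profile names, no variables.
#   change_profile [ [safe|unsafe] EXEC_PATH ] [ -> TARGET ] ,
CHANGE_PROFILE_RE = re.compile(
    r"^\s*change_profile"
    r"(?:\s+(?P<mode>safe|unsafe))?"
    r"(?:\s+(?P<exec>/[^\s,]*))?"
    r"(?:\s*->\s*(?P<target>[^\s,]+))?"
    r"\s*,"
)


def change_profile_rules(profile_text):
    """Return one dict per change_profile rule found in the profile text."""
    rules = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        m = CHANGE_PROFILE_RE.match(line)
        if m:
            rules.append({"line": lineno, "mode": m.group("mode"),
                          "exec": m.group("exec"), "target": m.group("target")})
    return rules


def exec_conditioned_targets(profile_text):
    """Targets the profile only intends to reach via an exec of EXEC_PATH.
    On a parser with this bug they are also reachable by writing
    'changeprofile <target>' to /proc/self/attr/current without any exec."""
    return sorted({r["target"] for r in change_profile_rules(profile_text)
                   if r["exec"] is not None and r["target"] is not None})


# Constructed sample: the "test" profile from the report plus one
# unconditioned rule, so the two rule forms can be told apart.
SAMPLE_PROFILE = """\
profile test {
  file,
  signal,
  unix,
  change_profile /does/not/exist -> nt,
  change_profile -> helper,
}
"""

if __name__ == "__main__":
    for r in change_profile_rules(SAMPLE_PROFILE):
        kind = "exec-conditioned" if r["exec"] else "unconditioned"
        print(f"line {r['line']}: {kind} change_profile -> {r['target']}")
    print("reachable without exec on affected parsers:",
          exec_conditioned_targets(SAMPLE_PROFILE))
```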