Use of px and pux transition in same profile results in wrong transition
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Status tracked in Master | | |
2.5 | Fix Released | Medium | Unassigned |
Master | Fix Released | Medium | Unassigned |
apparmor (Ubuntu) | Fix Released | Medium | John Johansen |
Karmic | Fix Released | Medium | Jamie Strandboge |
Lucid | Fix Released | Medium | Jamie Strandboge |
Maverick | Fix Released | Medium | Jamie Strandboge |
Natty | Fix Released | Medium | John Johansen |
Bug Description
SRU Justification:
Impact: This bug can result in tasks becoming unexpectedly unconfined when policy is misconfigured.
Fix: The supplied patches are backported from the upstream fix that is in Natty.
Testcase: This bug can be tested in two ways.
Method 1: The apparmor_parser merge conflict checker can be used to detect this bug, as the checker will fail to detect the merge conflict. This can be tested with the following profile (and all other combinations):
```
profile test {
  /foo** Px,
  /foo*bar Pux,
}
```
This test and all possible combinations of it are the tests generated by the gen_xtrans.pl script that the attached patch adds to the test suite.
Method 2: Load profiles into the kernel and test that execs follow the correct attachment. This requires setting up a profile and ensuring the transition targets don't have profiles loaded into the kernel. The basic form of the profile needs to be:
```
/bin/test/app {
  #...
  /bin/a Pux,
  /bin/b Px,
}
```
It is important that the /bin/a program is sorted before /bin/b in the C locale.
The test app should call /bin/b. If the bug is present, the transition from the /bin/test/app profile will fail, as there is no profile defined for /bin/b, but because of the bug AppArmor will fall back to unconfined. This can be checked using aa-status, which should show /bin/b as not being confined by a profile.
---
When the combination of px, pux or cx, cux or any of their safe or named profile transition counterparts appear in a profile together, the transition is handled incorrectly.
If px appears before pux, then all pux transitions become px.
If pux appears before px, then all px transitions become pux transitions.
The same thing happens for (Px, Pux), (Cx, Cux), etc.
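A Python model of the two test methods, added here as an example and not part of the bug report or of the AppArmor code base: it parses the two test profiles above, checks the Method 1 overlap (/foo** Px and /foo*bar Pux both match /foobar, which the merge conflict checker must reject) and reproduces the Method 2 failure mode, where the buggy merge makes /bin/b inherit the Pux fallback of /bin/a. The glob translation, the minimal rule parser and the `buggy` switch are simplified assumptions, not the parser's real DFA construction.

```python
import re

# Exec transition modes named on the bug page. The "u" variants fall back to
# unconfined when the target profile is not loaded; the plain ones deny the exec.
FALLBACK_UNCONFINED = {"pux", "Pux", "cux", "Cux"}
EXEC_MODES = FALLBACK_UNCONFINED | {"px", "Px", "cx", "Cx"}

# Constructed copies of the two test profiles from the bug description.
METHOD1_PROFILE = "profile test {\n  /foo** Px,\n  /foo*bar Pux,\n}"
METHOD2_PROFILE = "/bin/test/app {\n  /bin/a Pux,\n  /bin/b Px,\n}"

def glob_to_regex(glob):
    """AppArmor path glob to regex: '**' matches anything, '*' anything except '/'."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile("^" + out + "$")

def parse_exec_rules(profile_text):
    """Collect (glob, mode) for the exec rules of a profile body (minimal parser, assumption)."""
    rules = []
    for line in profile_text.splitlines():
        m = re.match(r"\s*(/\S+)\s+([A-Za-z]+),", line)
        if m and m.group(2) in EXEC_MODES:
            rules.append((m.group(1), m.group(2)))
    return rules

def modes_matching(rules, path):
    """Exec modes whose glob matches `path`; more than one distinct mode is the
    merge conflict that apparmor_parser must reject (Method 1)."""
    return {mode for glob, mode in rules if glob_to_regex(glob).match(path)}

def resolve_exec(rules, target, loaded_profiles, buggy=False):
    """Confinement after exec of `target`: its profile name, "unconfined" or "denied".
    buggy=True models the report: the mode of the exec rule that sorts first
    (C locale) is applied to every exec rule in the profile (Method 2)."""
    matched = [mode for glob, mode in rules if glob_to_regex(glob).match(target)]
    if not matched:
        return "denied"
    mode = sorted(rules)[0][1] if buggy else matched[0]
    if target in loaded_profiles:
        return target
    return "unconfined" if mode in FALLBACK_UNCONFINED else "denied"
```

With only /bin/test/app loaded, the correct merge denies the exec of /bin/b while the buggy merge returns "unconfined", which is what aa-status would show in the Method 2 check.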
description: updated
description: updated
Changed in apparmor (Ubuntu Lucid):
status: Triaged → In Progress
Changed in apparmor (Ubuntu Maverick):
status: Triaged → In Progress
Changed in apparmor (Ubuntu Karmic):
status: Triaged → In Progress
visibility: private → public
Changed in apparmor (Ubuntu Maverick):
assignee: Jamie Strandboge (jdstrand) → Mile (milevu)
Changed in apparmor (Ubuntu Maverick):
assignee: Mile (milevu) → nobody
Changed in apparmor (Ubuntu Maverick):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu Karmic):
assignee: Jamie Strandboge (jdstrand) → ROOTMAN MR (xrootmanx)
Changed in apparmor (Ubuntu Karmic):
assignee: ROOTMAN MR (xrootmanx) → Jamie Strandboge (jdstrand)
Patch in r1587 of apparmor trunk (2.6 series). Natty not affected.