AppArmor

aa-logprof crash if log contains (encoded) non-utf8 filename

Bug #1379884 reported by Christian Boltz
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
AppArmor
Triaged
Medium
Unassigned

Bug Description

aa-logprof crashes if the log contains an (encoded) filename (for example, for a denied read access) and that filename contains a non-utf8 special character.

# cat audit.log-bärendienst
type=AVC msg=audit(1411473165.591:504): apparmor="ALLOWED" operation="open" profile="/sbin/klogd" name=2F686F6D652F7379732D746D702F62E472656E6469656E7374 pid=13468 comm="klogd" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000

(the original event/log was for a test profile - I changed it to klogd as an easy reproducer)

# aa-logprof -f audit.log-bärendienst
Reading log entries from audit.log-bärendienst.
Aktualisiere AppArmor-Profile in /etc/apparmor.d.
Änderungen im complain-Modus
Traceback (most recent call last):
  File "aa-logprof", line 52, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2276, in do_logprof_pass
    ask_the_questions()
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 1826, in ask_the_questions
    ans, selected = q.promptUser()
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/ui.py", line 304, in promptUser
    cmd, arg = self.Text_PromptUser()
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/ui.py", line 408, in Text_PromptUser
    sys.stdout.write(prompt + '\n')
  File "/usr/lib64/python3.4/encodings/iso8859_15.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\udce4' in position 54: character maps to <undefined>

Bonus content (note: I'm using de_DE@euro (aka iso-8859-15) as locale, and the filename is also iso-8859-15)

# LANG=C aa-logprof -f audit.log-bärendienst
Traceback (most recent call last):
  File "aa-logprof", line 52, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2248, in do_logprof_pass
    aaui.UI_Info(_('Reading log entries from %s.') % filename)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/ui.py", line 46, in UI_Info
    sys.stdout.write(text + '\n')
UnicodeEncodeError: 'ascii' codec can't encode character '\udce4' in position 36: ordinal not in range(128)

Tags: aa-tools
Jamie Strandboge (jdstrand)
Changed in apparmor:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
Paweł Krawczyk (pawel-krawczyk) wrote :

This is easy to fix - just add errors='ignore' in open_file_read() in /usr/lib/python3/dist-packages/apparmor/common.py

Nice if this could be added to the release as this is making logprof unusable if there's a single non-ASCII character in the logs.

Revision history for this message
Christian Boltz (cboltz) wrote :

I'm afraid it's not _that_ easy ;-)

We already use errors='surrogateescape' (or 'replace for python 2.x), which means invalid characters (non-ascii, non-utf8) in the logs shouldn't cause any problem.

However this bug is about _encoded_ invalid chars - which means we have hex string (thus ASCII) in the log which then gets decoded by libapparmor - and if the decoded string isn't valid utf8, you'll hit this bug.

If you have an idea or even a patch to fix this, it is more than welcome ;-)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.