secure exec layering violation

Bug #1491189 reported by John Johansen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Confirmed
Medium
Unassigned

Bug Description

The way apparmor sets up and tracks the need for secureexec between security_bprm_set_creds and security_bprm_secureexec is wrong.

apparmor sets an unused bit in the bprm->unsafe flag set. This has a few problems
1. Its unreserved so future code may use that bit
2. bprm code code clear, set the entire unsafe flag set instead of doing bit setting
3. lsms can now be stacked so multiple lsms may be looking at the flag set and having unknown bits set may cause a problem

None of these currently occur but they could and the problem would not be immediately apparent.

Since it is apparmor specific, the flag should be tracked in an apparmor specific way. Likely off of the apparmor part of the cred in the bprm.

Tags: aa-kernel
Changed in apparmor:
status: New → Confirmed
importance: Undecided → Medium
Christian Boltz (cboltz)
tags: added: aa-kernel
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.