a change_profile rule with an exec condition allows for a direct changeprofile operation

Bug #1584165 reported by Tyler Hicks
This bug affects 1 person
Affects            Status    Importance  Assigned to   Milestone
AppArmor           Triaged   High        Tyler Hicks   -
apparmor (Ubuntu)  Triaged   High        Tyler Hicks   -

Bug Description

The sequence of commands below should not succeed. They show that the parser is incorrectly encoding a change_profile rule with an exec condition to allow a direct changeprofile operation without the exec condition being satisfied.

$ echo "profile nt { file, signal, unix, }" | sudo apparmor_parser -qr
$ echo "profile test { file, signal, unix, change_profile /does/not/exist -> nt, }" | sudo apparmor_parser -qr
$ aa-exec -p test -- bash
$ cat /proc/self/attr/current
test (enforce)
# IMPORTANT: This command should fail instead of allowing the process confined
# by the "test" profile to change to the "nt" profile without an exec
$ echo "changeprofile nt" > /proc/self/attr/current
$ cat /proc/self/attr/current
nt (enforce)
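A regression check for this report, added here as an example (it is not the reporter's or the AppArmor project's code): it loads the two profiles from the description, attempts the direct changeprofile from inside "test", reads the label back, and unloads the profiles again. It assumes root, a mounted securityfs, and the apparmor_parser and aa-exec tools; the function name and exit-code convention are this example's own.

```shell
#!/bin/sh
# Regression check for LP#1584165 (added example, not part of the original report).
# Loads the two profiles from the bug description, then verifies from inside the
# "test" profile that a direct changeprofile to "nt" is denied, because the
# change_profile rule carries an exec condition that is not satisfied.
# Return codes of aa_changeprofile_regression_check (convention chosen here):
#   0  = transition denied, label still "test (enforce)" (parser fix present)
#   1  = transition succeeded, label became "nt (enforce)" (bug present)
#   77 = could not run (not root, tools missing, or unexpected label)
# Profile names "test" and "nt" and the path /does/not/exist come from the report.

aa_changeprofile_regression_check() {
    if [ "$(id -u)" -ne 0 ] || ! command -v apparmor_parser >/dev/null 2>&1 \
       || ! command -v aa-exec >/dev/null 2>&1 \
       || [ ! -d /sys/kernel/security/apparmor ]; then
        return 77
    fi

    # Load both profiles exactly as written in the report.
    printf 'profile nt { file, signal, unix, }\n' | apparmor_parser -qr || return 77
    printf 'profile test { file, signal, unix, change_profile /does/not/exist -> nt, }\n' \
        | apparmor_parser -qr || return 77

    # From inside "test", attempt the direct (non-exec) transition and read the
    # label back. The write is expected to fail; stderr noise is discarded.
    label=$(aa-exec -p test -- sh -c \
        'echo changeprofile nt > /proc/self/attr/current 2>/dev/null; cat /proc/self/attr/current')

    # Unload the two profiles so the check leaves no policy behind.
    printf 'profile nt { }\n' | apparmor_parser -qR 2>/dev/null
    printf 'profile test { }\n' | apparmor_parser -qR 2>/dev/null

    case "$label" in
        "test (enforce)") return 0 ;;
        "nt (enforce)")   return 1 ;;
        *)                return 77 ;;
    esac
}

aa_changeprofile_regression_check
rc=$?
echo "changeprofile regression check: rc=$rc (0=denied, 1=bug present, 77=skipped)"
```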

Tags: aa-parser
Tyler Hicks (tyhicks)
description: updated
Changed in apparmor:
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → High
status: New → Triaged
Changed in apparmor (Ubuntu):
importance: Undecided → High
tags: added: aa-parser