Unexpected behavior on case-insensitive file systems, or case-insensitive directories (e.g, Ext4 since Linux 5.2)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
Consider the policy,
/usr/bin/less {
deny /opt/kelvin rw,
/** ixrw,
}
Here, the directory /opt is case-insensitive. So the file can be accessed as /opt/kelvin, or /opt/KELVIN (where K = Kelvin Symbol U+212A in Unicode). Note that Latin capital K and Kelvin Symbol are considered identical for case-insensitive matching.
$ touch KELVIN # where K = Kelvin Symbol (U+212A)
$ less kelvin # Uses Latin K. Allows access even though denied in policy.
The above allows access to the file "kelvin" even though the names "KELVIN" and "kelvin" represent the same underlying file.
My understanding is that the AppArmor policy is applied to the filenames stored on-disk and not the filenames supplied in system calls such as open() etc. When the underlying filesystem is case-insensitive, the policy will still match as if the filenames were case-sensitive.
information type: | Private Security → Private |
information type: | Private → Private Security |
Nice, thanks.