genprof doesn't escape special characters
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
(copy&paste from my mail on the apparmor ML)
Just curious - how would that profile name look as filename for
/etc/apparmor.d/ ? Hmm, let's try...
# aa-genprof '/**'
/** does not exist, please double-check the path.
OK, I'm feeling adventurous ;-)
# touch '/**'
# aa-genprof '/**'
The result was the file /etc/apparmor.d/** with
/** flags=() { ... }
In other words: genprof doesn't seem to replace any special character.
Maybe it better should :-/
It should probably also do some escaping in the profile name. My example
was a bit ;-) extreme, but imagine someone is crazy enough to have a
binary called '/bin/b*' and wants to create a profile for it (which is
basically a good idea with such a filename ;-)
The result will be a profile for '/bin/b*' which includes things like
/bin/bash... Do I need to say more? ;-)
(needless to say that I practised unloading the /** profile via the
/sys/kernel/
was the only working option ;-)
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in apparmor: | |
| status: | New → Incomplete |
| tags: | added: aa-tools |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in apparmor: | |
| status: | Incomplete → Expired |
How does this affect the python tools?