pkg_name calculated incorrectly

Bug #1235444 reported by Jamie Strandboge
Affects | Status | Importance | Assigned to | Milestone
Thumbnailer | Fix Released | Undecided | Unassigned |
thumbnailer (Ubuntu) | Fix Released | Critical | Unassigned |
Saucy | Fix Released | Critical | Unassigned |

Bug Description

get_app_pkg_name() parses the value of /proc/self/attr/current to determine the value to use for the cache directory, but it has an off by one error as seen with this apparmor denial:
Oct 4 14:47:00 localhost kernel: [ 2456.617111] type=1400 audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/" pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

The app's apparmor label is "net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" so it should use:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos

however it actually uses:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo

This can perhaps be seen more clearly with the attached test program. Steps to reproduce:
$ cat > /tmp/bug.profile <<EOM
#include <tunables/global>
profile test_me {
  file,
}
EOM
$ sudo apparmor_parser -r /tmp/bug.profile
$ g++ /tmp/bug.cpp -o /tmp/bug
$ aa-exec -p test_me -- /tmp/bug
/proc/self/attr/current=test_me (enforce)
app_pkg_name=tes
$

In addition to the above, get_app_pkg_name() is not careful enough in determining the package name. It should throw an error if the value of /proc/self/attr/current doesn't match the following regex:
 ^[a-z0-9][a-z0-9+.-]+_[a-zA-Z0-9+.-]+_[0-9][a-zA-Z0-9.+:~-]*$

(see https://wiki.ubuntu.com/AppStore/Interfaces/ApplicationId for details). To consider why, consider the following valid profile names:
  /usr/bin/lsb_release
  /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper//chromium_browser
  /opt/foo/_bar
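
An added example, not thumbnailer's code and not the attached bug.cpp: one way to derive the package name from the AppArmor label while enforcing the regex quoted above, so that labels such as test_me or /usr/bin/lsb_release are refused instead of being cut at an underscore. The names kAppId, pkg_name_from_label and label_rejected are hypothetical.

```cpp
// Added example (not thumbnailer's code); all names here are hypothetical.
#include <fstream>
#include <iostream>
#include <regex>
#include <stdexcept>
#include <string>

// Application ID pattern quoted in the bug description: <pkg>_<app>_<version>.
static const std::regex kAppId(
    "^[a-z0-9][a-z0-9+.-]+_[a-zA-Z0-9+.-]+_[0-9][a-zA-Z0-9.+:~-]*$");

// Takes the raw contents of /proc/self/attr/current and returns the package
// name, or throws if the label is not a well-formed application ID.
std::string pkg_name_from_label(std::string label) {
    // Drop a trailing newline or NUL left over from reading the proc file.
    while (!label.empty() && (label.back() == '\n' || label.back() == '\0'))
        label.pop_back();
    // Drop the mode suffix, e.g. " (enforce)" or " (complain)".
    if (!label.empty() && label.back() == ')') {
        std::string::size_type mode = label.rfind(" (");
        if (mode != std::string::npos) label.erase(mode);
    }
    if (!std::regex_match(label, kAppId))
        throw std::runtime_error("not an application ID: " + label);
    // The regex guarantees a '_' exists and that the package part holds none,
    // so everything before the first '_' is the whole package name.
    return label.substr(0, label.find('_'));
}

// True when the label is refused; convenient for checks that must not throw.
bool label_rejected(const std::string &label) {
    try { pkg_name_from_label(label); return false; }
    catch (const std::runtime_error &) { return true; }
}

int main() {
    std::ifstream f("/proc/self/attr/current");
    std::string raw;
    std::getline(f, raw);
    try {
        std::cout << "app_pkg_name=" << pkg_name_from_label(raw) << "\n";
    } catch (const std::exception &e) {
        std::cerr << e.what() << "\n";
        return 1;
    }
    return 0;
}
```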

Jamie Strandboge (jdstrand) wrote :
tags: added: application-confinement
Changed in thumbnailer (Ubuntu Saucy):
importance: Undecided → Critical
description: updated
summary: - off by one when calculating pkgname
+ pkg_name calculated incorrectly
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:thumbnailer at revision 54, scheduled for release in thumbnailer, milestone Unknown

Changed in thumbnailer:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thumbnailer - 1.0+13.10.20131008-0ubuntu1

---------------
thumbnailer (1.0+13.10.20131008-0ubuntu1) saucy; urgency=low

  [ Jussi Pakkanen ]
  * Fix off by one error. (LP: #1235444)
  * Disable use of in-process GStreamer because we use 1.0, which
    clashes with 0.10. (LP: #1235484)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 55
 -- Ubuntu daily release <email address hidden> Tue, 08 Oct 2013 12:49:51 +0000

Changed in thumbnailer (Ubuntu Saucy):
status: New → Fix Released
Changed in thumbnailer:
status: Fix Committed → Fix Released
Jussi Pakkanen (jpakkane) wrote :

The regex bit is actually not yet implemented.

Changed in thumbnailer:
status: Fix Released → Confirmed
Changed in thumbnailer:
status: Confirmed → Fix Released