2016-05-20 18:23:57 | Tyler Hicks | description
The sequence of commands below should not succeed.
$ echo "profile nt { file, signal, unix, }" | sudo apparmor_parser -qr
$ echo "profile test { file, signal, unix, change_profile /does/not/exist -> nt, }" | sudo apparmor_parser -qr
$ aa-exec -p test -- bash
$ cat /proc/self/attr/current
test (enforce)
# This command should fail instead of allowing the process confined by the "test" profile change to the "nt" profile without an exec
$ echo "changeprofile nt" > /proc/self/attr/current
$ cat /proc/self/attr/current
nt (enforce)
The sequence of commands below should not succeed. They show that the parser is incorrectly encoding a change_profile rule with an exec condition to allow a direct changeprofile operation without the exec condition being satisfied.
$ echo "profile nt { file, signal, unix, }" | sudo apparmor_parser -qr
$ echo "profile test { file, signal, unix, change_profile /does/not/exist -> nt, }" | sudo apparmor_parser -qr
$ aa-exec -p test -- bash
$ cat /proc/self/attr/current
test (enforce)
# IMPORTANT: This command should fail instead of allowing the process confined
# by the "test" profile change to the "nt" profile without an exec
$ echo "changeprofile nt" > /proc/self/attr/current
$ cat /proc/self/attr/current
nt (enforce)
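As an added illustration of the intended semantics the report describes (a constructed model written for this page, not AppArmor's code and not the reporter's): an exec-conditioned change_profile rule grants only the change_onexec path when the executed file matches the condition, so the direct "changeprofile nt" write shown in the transcript is denied, while an unconditional `change_profile -> nt,` rule permits it. Glob matching uses Python's fnmatch here, a simplification of AppArmor's own globbing.

```python
import fnmatch
import re

# Simplified model of change_profile semantics (constructed for illustration).
RULE_RE = re.compile(r"change_profile\s*(?P<cond>\S+)?\s*->\s*(?P<target>\S+)")
PROFILE_RE = re.compile(r"\s*profile\s+(\S+)\s*\{(.*)\}", re.S)


def parse_profile(text):
    """Return (name, [(exec_condition_or_None, target_profile), ...])
    from a one-line profile such as the ones loaded in the report."""
    m = PROFILE_RE.match(text)
    if not m:
        raise ValueError("not a profile definition: %r" % text)
    name, body = m.group(1), m.group(2)
    rules = []
    for rule in body.split(","):
        rm = RULE_RE.search(rule)
        if rm:
            rules.append((rm.group("cond"), rm.group("target")))
    return name, rules


def transition_allowed(rules, target, exec_path=None):
    """Intended behaviour of change_profile rules:
    - exec_path is None: a direct change, i.e. writing 'changeprofile <target>'
      to /proc/self/attr/current. Only an unconditional rule may permit this.
    - exec_path given: change_onexec followed by exec of exec_path. Permitted
      by an unconditional rule, or by a conditioned rule whose condition
      matches the executed path."""
    for cond, t in rules:
        if t != target:
            continue
        if cond is None:
            return True
        if exec_path is not None and fnmatch.fnmatchcase(exec_path, cond):
            return True
    return False


# The two profiles from the transcript, as loaded with apparmor_parser.
_, TEST_RULES = parse_profile(
    'profile test { file, signal, unix, change_profile /does/not/exist -> nt, }')
```

With these rules, `transition_allowed(TEST_RULES, "nt")` is False (direct change denied, as the report expects), while `transition_allowed(TEST_RULES, "nt", exec_path="/does/not/exist")` is True.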