| 2009-11-05 17:26:19 |
Richard Lee |
bug |
|
|
added bug |
| 2009-11-05 17:26:19 |
Richard Lee |
attachment added |
|
Syslog output http://launchpadlibrarian.net/35180245/apparmor_spew.syslog.txt |
|
| 2009-11-06 15:03:18 |
John Johansen |
attachment added |
|
Propose patch to fix oops http://launchpadlibrarian.net/35250235/fix-child-ops.diff |
|
| 2009-11-10 18:14:23 |
John Johansen |
description |
Binary package hint: apparmor
Description: Ubuntu 9.10
Release: 9.10
Package: apparmor
System: Linux tehcomputer 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 GNU/Linux
The following will cause a null dereference and a "kernel oops".
Steps:
1. Generate an apparmor profile for empathy (I can send my apparmor profile via email)
2. Make sure empathy can load and no messages are reported in audit.
(Make sure gnome-help isn't allowed to execute by keeping it absent from the apparmor profile)
3. Enforce the empathy apparmor profile
4. Load empathy until empathy UI opens
5. Set empathy profile to complain
6. In empathy, click Help->Contents
7. Verify that audit is sending out complain messages as gnome-help opens with empathy help contents
8. Run apparmor_parser -R /etc/init.d/usr.bin.empathy
Result:
1. Nov 4 16:47:21 tehcomputer kern: [76781.229046] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068 |
SRU Justicication: this bug can cause a null pointer dereference kernel oops. This will occur any time children profiles are attached to running processes. This can occur when change_hat, children profiles or profile learning is used.
Binary package hint: apparmor
Description: Ubuntu 9.10
Release: 9.10
Package: apparmor
System: Linux tehcomputer 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 GNU/Linux
The following will cause a null dereference and a "kernel oops".
Steps:
1. Generate an apparmor profile for empathy (I can send my apparmor profile via email)
2. Make sure empathy can load and no messages are reported in audit.
(Make sure gnome-help isn't allowed to execute by keeping it absent from the apparmor profile)
3. Enforce the empathy apparmor profile
4. Load empathy until empathy UI opens
5. Set empathy profile to complain
6. In empathy, click Help->Contents
7. Verify that audit is sending out complain messages as gnome-help opens with empathy help contents
8. Run apparmor_parser -R /etc/init.d/usr.bin.empathy
Result:
1. Nov 4 16:47:21 tehcomputer kern: [76781.229046] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
|
|
| 2009-11-10 19:40:43 |
John Johansen |
visibility |
private |
public |
|
| 2009-11-10 19:40:43 |
John Johansen |
security vulnerability |
yes |
no |
|
| 2009-11-12 13:47:31 |
Stefan Bader |
apparmor (Ubuntu): status |
New |
Fix Committed |
|
| 2009-11-12 13:47:31 |
Stefan Bader |
apparmor (Ubuntu): assignee |
|
John Johansen (jjohansen) |
|
| 2009-11-12 13:49:06 |
Stefan Bader |
apparmor (Ubuntu): importance |
Undecided |
High |
|
| 2009-11-13 11:30:14 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Karmic |
|
| 2009-11-13 11:54:57 |
Martin Pitt |
bug task added |
|
apparmor (Ubuntu Karmic) |
|
| 2009-11-13 12:01:05 |
Andy Whitcroft |
apparmor (Ubuntu Karmic): status |
New |
Fix Committed |
|
| 2009-11-13 12:01:11 |
Andy Whitcroft |
apparmor (Ubuntu Karmic): importance |
Undecided |
High |
|
| 2009-11-13 12:01:21 |
Andy Whitcroft |
apparmor (Ubuntu Karmic): assignee |
|
John Johansen (jjohansen) |
|
| 2009-12-01 18:49:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/linux-ec2 |
|
| 2009-12-05 01:23:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/linux-mvl-dove |
|
| 2009-12-05 01:38:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/linux-fsl-imx51 |
|
| 2009-12-10 16:19:09 |
Martin Pitt |
tags |
apparmor dereference kernel null oops |
apparmor dereference kernel null oops verification-needed |
|
| 2010-06-05 00:01:29 |
Kees Cook |
apparmor (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2011-10-14 20:39:38 |
Jamie Strandboge |
apparmor (Ubuntu Karmic): status |
Fix Committed |
Won't Fix |
|
| 2014-02-24 15:24:29 |
Brad Figg |
tags |
apparmor dereference kernel null oops verification-needed |
apparmor dereference kernel null oops verification-needed verification-needed-lucid |
|
