pkg_name calculated incorrectly

Bug #1235444 reported by Jamie Strandboge
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
thumbnailer (Ubuntu)
Fix Released
Fix Released

Bug Description

get_app_pkg_name() parses the value of /proc/self/attr/current to determine the value to use for the cache directory, but it has an off-by-one error, as seen with this AppArmor denial:
Oct 4 14:47:00 localhost kernel: [ 2456.617111] type=1400 audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/" pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

The app's apparmor label is "net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" so it should use:

however it actually uses:

This can perhaps be seen more clearly with the attached test program. Steps to reproduce:
$ cat > /tmp/bug.profile <<EOM
#include <tunables/global>
profile test_me {
$ sudo apparmor_parser -r /tmp/bug.profile
$ g++ /tmp/bug.cpp -o /tmp/bug
$ aa-exec -p test_me -- /tmp/bug
/proc/self/attr/current=test_me (enforce)

In addition to the above, get_app_pkg_name() is not careful enough in determining the package name. It should throw an error if the value of /proc/self/attr/current doesn't match the following regex:

(see for details). To consider why, consider the following valid profile names:

Jamie Strandboge (jdstrand) wrote :
tags: added: application-confinement
Changed in thumbnailer (Ubuntu Saucy):
importance: Undecided → Critical
description: updated
summary: - off by one when calculating pkgname
+ pkg_name calculated incorrectly
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:thumbnailer at revision 54, scheduled for release in thumbnailer, milestone Unknown

Changed in thumbnailer:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thumbnailer - 1.0+13.10.20131008-0ubuntu1

thumbnailer (1.0+13.10.20131008-0ubuntu1) saucy; urgency=low

  [ Jussi Pakkanen ]
  * Fix off by one error. (LP: #1235444)
  * Disable use of in-process GStreamer because we use 1.0, which
    clashes with 0.10. (LP: #1235484)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 55
 -- Ubuntu daily release <email address hidden> Tue, 08 Oct 2013 12:49:51 +0000

Changed in thumbnailer (Ubuntu Saucy):
status: New → Fix Released
Changed in thumbnailer:
status: Fix Committed → Fix Released
Jussi Pakkanen (jpakkane) wrote :

The regex bit is actually not yet implemented.

Changed in thumbnailer:
status: Fix Released → Confirmed
Changed in thumbnailer:
status: Confirmed → Fix Released
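
An added example, not code from the report or from thumbnailer: it contrasts an extraction that truncates the package name the way the denial in the description shows with a strict check that throws when the label is not shaped like pkgname_appname_version. The function names, the reconstructed off-by-one expression and the pattern are assumptions; the regex referenced in the report is not reproduced here.

```cpp
#include <iostream>
#include <regex>
#include <stdexcept>
#include <string>

// Reduce the raw attr contents, e.g. "test_me (enforce)\n", to the label.
std::string label_from_attr(std::string raw) {
    while (!raw.empty() && raw.back() == '\n') raw.pop_back();
    const std::string::size_type mode = raw.rfind(" (");
    if (mode != std::string::npos && raw.back() == ')') raw.erase(mode);
    return raw;
}

// Assumed reconstruction of the off-by-one: stops one character early.
std::string buggy_pkg_name(const std::string &label) {
    return label.substr(0, label.find('_') - 1);
}

// Assumed label shape <pkgname>_<appname>_<version>; illustration only,
// not the regex referenced in the report.
std::string strict_pkg_name(const std::string &label) {
    static const std::regex shape(
        R"(^([a-z0-9][a-z0-9+.-]+)_[A-Za-z0-9+.-]+_[0-9][A-Za-z0-9.+:~-]*$)");
    std::smatch m;
    if (!std::regex_match(label, m, shape))
        throw std::runtime_error("label is not pkg_app_version: " + label);
    return m[1].str();
}

// True when the strict parser refuses the label.
bool rejects(const std::string &label) {
    try { strict_pkg_name(label); }
    catch (const std::runtime_error &) { return true; }
    return false;
}

int main() {
    // Constructed input: the label from the denial plus a mode suffix.
    const std::string raw =
        "net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_"
        "ubuntu-sdk-1310-api-demos_0.6 (enforce)\n";
    const std::string label = label_from_attr(raw);
    std::cout << "buggy:  " << buggy_pkg_name(label) << "\n"
              << "strict: " << strict_pkg_name(label) << "\n"
              << "test_me rejected: " << std::boolalpha << rejects("test_me") << "\n";
    return 0;
}
```

Labels such as test_me, unconfined or a path-style profile name fail the strict check instead of silently yielding a cache directory name.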