[apparmor] [patch] utils: fix x modifier case setting
John Johansen
john.johansen at canonical.com
Wed Aug 17 22:55:01 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/17/2011 03:08 PM, Steve Beattie wrote:
> Hi,
>
> Christian Boltz reported this bug privately to me, and unfortunately
> I have delayed getting it fixed promptly. I apologize for this.
>
> Basically, logprof and genprof create all execute permissions with
> the modifiers as lowercase (meaning to pass on sensitive environment
> variables to the exec'ed process) even if the user told them not to
> when prompted. This patch fixes the issue.
>
> I'm also nominating this fix for 2.6.
>
Acked-by: John Johansen <john.johansen at canonical.com>
> -- Steve Beattie <sbeattie at ubuntu.com> http://NxNW.org/~steve/
>
>
> apparmor-utils-fix_lowercase_x_modifier.patch
>
>
> ---
> utils/Immunix/AppArmor.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: b/utils/Immunix/AppArmor.pm
> ===================================================================
> --- a/utils/Immunix/AppArmor.pm
> +++ b/utils/Immunix/AppArmor.pm
> @@ -2254,7 +2254,7 @@ sub handlechildren($$$) {
> my $ynans = UI_YesNo($px_mesg, $px_default);
> $ans = "CMD_$match";
> if ($ynans eq "y") {
> - $exec_mode &= ~$AA_EXEC_UNSAFE;
> + $exec_mode &= ~($AA_EXEC_UNSAFE | ($AA_EXEC_UNSAFE << $AA_OTHER_SHIFT));
> }
> } elsif ($ans eq "CMD_ux") {
> $exec_mode = str_to_mode("ux");
>
>
Acked-by: John Johansen <john.johansen at canonical.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5MRrsACgkQxAVxIsEKI+Y87QCbB9K9s0MIJrsFDnHLQnddWmC5
ALQAnAyQBHfhg4G1pkY8+7oHBt9sN3+Z
=jl1M
-----END PGP SIGNATURE-----
More information about the AppArmor
mailing list