[apparmor] [Patch] [Bug 731184] Re: apparmor_parser fails to consider its own time stamp when determining if profile cache is stale

Steve Beattie steve at nxnw.org
Tue Mar 8 20:56:14 UTC 2011


On Tue, Mar 08, 2011 at 11:26:31AM -0800, Kees Cook wrote:
> On Tue, Mar 08, 2011 at 10:50:58AM -0800, John Johansen wrote:
> > +	cmd = fopen(progname, "r");
> 
> Unfortunately, this won't work since "progname" may be relative to a
> PATH directory.
> 
> $ /sbin/apparmor_parser -h | grep Usage
> Usage: /sbin/apparmor_parser [options] [profile]
> 
> $ apparmor_parser -h | grep Usage
> Usage: apparmor_parser [options] [profile]
> 
> I would suggest fully canonicalizing either progname or this fopen target
> using readlink(/proc/self/exe).
> 
> I would lean toward the former, actually, so that invocation method
> doesn't change the Usage output, etc.

If and when you do, please apply these additions to the caching testcase
as well:

=== modified file 'parser/tst/caching.sh'
--- parser/tst/caching.sh	2011-02-15 18:41:29 +0000
+++ parser/tst/caching.sh	2011-03-08 20:52:04 +0000
@@ -94,3 +94,13 @@
 touch $basedir/cache/$profile
 ../apparmor_parser $ARGS -v -r $basedir/$profile | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
 echo "ok"
+
+echo -n "Cache reading is skipped when parser is newer: "
+mkdir $basedir/parser
+cp ../apparmor_parser $basedir/parser/
+$basedir/parser/apparmor_parser $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
+echo "ok"
+
+echo -n "Cache reading is skipped when parser in \$PATH is newer: "
+(PATH=$basedir/parser/ /bin/sh -c "apparmor_parser $ARGS -v -r $basedir/$profile") | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
+echo "ok"
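
Review bot: Both added cases pass only if the copied parser's mtime is strictly later than the cache file's, but `touch $basedir/cache/$profile` in the context lines and `cp ../apparmor_parser $basedir/parser/` run back to back and can receive the same timestamp where timestamp resolution is coarse; how an equal timestamp is treated is not visible in this hunk. Fix the ordering explicitly, for example by backdating the cache file with `touch -d` before the copy, or by touching the copied binary after a short sleep. The PATH case also inherits whatever cache state the first case leaves behind, so if `$ARGS` allows the first run to rewrite the cache, the second run would see a cache newer than the parser; touching the copied parser again before the second case would make the two independent. The `$basedir` expansions in the new lines should also be quoted.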


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
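
The approach suggested in the quoted reply (resolve the binary through /proc/self/exe rather than through the caller-supplied program name, then compare its timestamp with the cache file's) can be sketched as follows. This is an added example, not apparmor_parser code; the function names and the staleness policy are assumptions, and it is Linux-only.

```c
/* Added illustration, not apparmor_parser source. Linux-only (/proc). */
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Absolute path of the running binary, independent of argv[0] and $PATH.
 * Returns NULL on failure or if the link target may have been truncated. */
const char *self_exe(void)
{
    static char buf[PATH_MAX];
    ssize_t n = readlink("/proc/self/exe", buf, sizeof(buf) - 1);

    if (n <= 0 || (size_t)n >= sizeof(buf) - 1)
        return NULL;
    buf[n] = '\0';              /* readlink() does not NUL-terminate */
    return buf;
}

/* 1 if a is strictly later than b, comparing seconds, then nanoseconds. */
int ts_newer(struct timespec a, struct timespec b)
{
    if (a.tv_sec != b.tv_sec)
        return a.tv_sec > b.tv_sec;
    return a.tv_nsec > b.tv_nsec;
}

/* Assumed policy: the cache is stale when it is missing, when either file
 * cannot be examined, or when the running binary is newer than the cache. */
int cache_is_stale(const char *cache_path)
{
    struct stat cache, exe;
    const char *self = self_exe();

    if (!self || stat(self, &exe) != 0 || stat(cache_path, &cache) != 0)
        return 1;
    return ts_newer(exe.st_mtim, cache.st_mtim);
}

int main(int argc, char **argv)
{
    /* Constructed default path, used when no cache file is given. */
    const char *cache = argc > 1 ? argv[1] : "/nonexistent/cache";
    const char *self = self_exe();

    printf("exe=%s stale=%d\n", self ? self : "(unknown)", cache_is_stale(cache));
    return 0;
}
```

Failing closed (treating any lookup error as stale) costs a recompile rather than loading a cache written by an older parser.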