[apparmor] [Bug 693082] Re: Use of px and pux transition in same profile results in wrong transition

Steve Beattie sbeattie at ubuntu.com
Thu Mar 17 18:32:09 UTC 2011


Closing, apparmor 2.6.0 and 2.5.2 were released.

** Changed in: apparmor/2.5
       Status: Fix Committed => Fix Released

** Changed in: apparmor/master
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/693082

Title:
  Use of px and pux transition in same profile results in wrong
  transition

Status in AppArmor Linux application security framework:
  Fix Released
Status in AppArmor 2.5 series:
  Fix Released
Status in AppArmor master series:
  Fix Released
Status in “apparmor” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Lucid:
  Fix Released
Status in “apparmor” source package in Maverick:
  Fix Released
Status in “apparmor” source package in Natty:
  Fix Released
Status in “apparmor” source package in Karmic:
  Fix Released

Bug description:
  SRU Justification:

  Impact: This bug can result in tasks becoming unexpectedly unconfined
  when policy is misconfigured.

  Fix: The supplied patches are backported from the upstream fix that is
  in Natty.

  Testcase: This bug can be tested in two ways.
  Method 1: The apparmor_parser merge conflict checker can be used to detect this bug, as the checker will fail to detect the merge conflict.  This can be tested with the following profile (and all other combinations).
    profile test {
      /foo** Px,
      /foo*bar Pux,
    }

  This test and all possible combinations of it are the tests generated
  by the gen_xtrans.pl script that the attached patch adds to the test
  suite.

  Method 2: Load profiles into the kernel and test that execs follow correct attachment.  This requires setting up a profile, and ensuring the transition targets don't have profiles loaded into the kernel.  The basic form of the profile needs to be
    /bin/test/app {
       #...

       /bin/a Pux,
       /bin/b Px,
    }

  It is important that the /bin/a program is sorted before /bin/b in
  the C locale.

  The test app should call /bin/b. If the bug is present then the
  transition from the /bin/test/app profile will fail as there is no
  profile defined for /bin/b, but because of the bug apparmor will fall
  back to unconfined.  This can be checked using aa-status, which should
  show /bin/b as not being confined by a profile.

  ---

  When the combination of px, pux or cx, cux or any of their safe, or named profile transition counterparts appear in a profile together, the transition is handled incorrectly.
    If px appears before pux then all pux transitions become px
    If pux appears before px then all px transitions become pux transitions

  The same thing happens for (Px, Pux), (Cx, Cux), etc.
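Method 1 in the bug description relies on the apparmor_parser merge conflict checker noticing that /foo** Px and /foo*bar Pux can both match the same path while asking for different transitions. The script below is an added illustration written for this page, not apparmor_parser's code: it is a small stand-alone version of such a check for rules that use only the *, ** and ? glob operators (no {a,b} alternation or character classes), with ** matching across / and * only within a path component, as in AppArmor. Two globs are tested for overlap by a breadth-first search over the product of their pattern automata, which also yields the shortest path both would match; overlapping rules whose exec transitions differ (Px beside Pux, Cx beside Cux, and so on) are reported as conflicts. The inputs at the bottom are constructed from the two profiles in the bug report; the disjoint /bin/a and /bin/b rules of Method 2 correctly produce no conflict, since that method exercises the kernel-side transition rather than the checker.

```python
"""Glob-overlap and exec-transition conflict checker (constructed example)."""
from collections import deque
import string

SLASH = "/"
# Longer spellings first so that "Pux" is never misread as "ux".
EXEC_MODES = ("pux", "Pux", "cux", "Cux", "px", "Px", "cx", "Cx", "ux", "Ux", "ix")


def tokenize(glob):
    """Turn a path glob into automaton tokens: '**' matches any run of characters
    (including '/'), '*' any run of non-'/' characters, '?' exactly one non-'/'
    character; everything else is a literal."""
    tokens, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            tokens.append(("dstar", None)); i += 2
        elif glob[i] == "*":
            tokens.append(("star", None)); i += 1
        elif glob[i] == "?":
            tokens.append(("any1", None)); i += 1
        else:
            tokens.append(("lit", glob[i])); i += 1
    return tokens


def _closure(tokens, states):
    """Epsilon-close a state set: '*' and '**' may match the empty string."""
    out, stack = set(states), list(states)
    while stack:
        s = stack.pop()
        if s < len(tokens) and tokens[s][0] in ("star", "dstar") and s + 1 not in out:
            out.add(s + 1); stack.append(s + 1)
    return frozenset(out)


def _step(tokens, states, sym):
    """Advance a state set over one symbol.  sym=None stands for 'some non-slash
    character that is not a literal of either glob'."""
    nxt = set()
    for s in states:
        if s >= len(tokens):            # accepting state has no outgoing edges
            continue
        kind, lit = tokens[s]
        if kind == "lit" and sym == lit:
            nxt.add(s + 1)
        elif kind == "any1" and sym != SLASH:
            nxt.add(s + 1)
        elif kind == "star" and sym != SLASH:
            nxt.add(s)                  # stay on the star
        elif kind == "dstar":
            nxt.add(s)
    return _closure(tokens, nxt)


def globs_overlap(g1, g2):
    """Return a shortest path matched by both globs, or None if they are disjoint.
    Breadth-first search over the product of the two automata, using a finite
    alphabet: every literal of either glob, '/', and one stand-in for any other
    non-slash character."""
    t1, t2 = tokenize(g1), tokenize(g2)
    literals = {lit for kind, lit in t1 + t2 if kind == "lit"}
    other = next((c for c in string.ascii_lowercase if c not in literals), "~")
    alphabet = sorted(literals | {SLASH}) + [None]
    start = (_closure(t1, {0}), _closure(t2, {0}))
    queue, seen = deque([(start, "")]), {start}
    while queue:
        (s1, s2), path = queue.popleft()
        if len(t1) in s1 and len(t2) in s2:      # both automata accept
            return path
        for sym in alphabet:
            n1, n2 = _step(t1, s1, sym), _step(t2, s2, sym)
            if not n1 or not n2 or (n1, n2) in seen:
                continue
            seen.add((n1, n2))
            queue.append(((n1, n2), path + (other if sym is None else sym)))
    return None


def exec_mode(perms):
    """Extract the exec transition ('Px', 'Pux', 'ix', ...) from a permission
    string such as 'rPx' or 'mrix'; None if the rule grants no exec."""
    for mode in EXEC_MODES:
        if mode in perms:
            return mode
    return None


def find_conflicts(rules):
    """rules: list of (glob, perms).  Report every pair of rules whose globs can
    match the same path but request different exec transitions.  Permissions in
    a profile are unioned, so such a pair must be rejected as a merge conflict
    rather than silently resolved to one of the two transitions."""
    conflicts = []
    for i in range(len(rules)):
        for j in range(i + 1, len(rules)):
            (g1, p1), (g2, p2) = rules[i], rules[j]
            m1, m2 = exec_mode(p1), exec_mode(p2)
            if m1 is None or m2 is None or m1 == m2:
                continue
            witness = globs_overlap(g1, g2)
            if witness is not None:
                conflicts.append((g1, m1, g2, m2, witness))
    return conflicts


if __name__ == "__main__":
    # Constructed inputs modelled on the profiles in the bug report.
    for g1, m1, g2, m2, w in find_conflicts([("/foo**", "Px"), ("/foo*bar", "Pux")]):
        print(f"conflict: {g1} {m1}, vs {g2} {m2}, (both match {w})")
    print(find_conflicts([("/bin/a", "Pux"), ("/bin/b", "Px")]))  # [] : disjoint, no conflict
```

The "all other combinations" the report mentions can be fed through find_conflicts as further (glob, perms) pairs; any pair of overlapping globs with differing exec modes is what a correct checker has to reject, and a checker that returns no conflict for the /foo** Px, /foo*bar Pux profile is exhibiting the bug.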
