[apparmor] [Bug 897957] [NEW] aa-genprof/logprof don't recognize encoded profile names
John Johansen
john.johansen at canonical.com
Wed Nov 30 01:06:58 UTC 2011
Public bug reported:
When a profile name contains spaces or none printable characters, it
gets encoded when logged.
eg.
[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
which can be decoded with aa-decode
> aa-decode 74657374207370616365
Decoded: test space
however aa-logprof and aa-genprof do no recognize encoded profile names
and skip log entries containing them.
** Affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/897957
Title:
aa-genprof/logprof don't recognize encoded profile names
Status in AppArmor Linux application security framework:
New
Bug description:
When a profile name contains spaces or none printable characters, it
gets encoded when logged.
eg.
[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
which can be decoded with aa-decode
> aa-decode 74657374207370616365
Decoded: test space
however aa-logprof and aa-genprof do no recognize encoded profile
names and skip log entries containing them.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/897957/+subscriptions
More information about the AppArmor
mailing list