[apparmor] [PATCH] aa-easyprof updates
Jamie Strandboge
jamie at canonical.com
Sat Jul 6 17:37:20 UTC 2013
On 07/05/2013 03:08 PM, Seth Arnold wrote:
> On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
>> + def set_template(self, template, allow_abs_path=True):
>> '''Set current template'''
>> self.template = template
>> + if "../" in template:
>> + raise AppArmorException('template "%s" contains "../" escape path' % (template))
>> + if template.startswith('/'):
>> + if not allow_abs_path:
>> + raise AppArmorException("Cannot use an absolute path template '%s'" % template)
>> + else:
>> self.template = os.path.join(self.dirs['templates'], template)
>> if not os.path.exists(self.template):
>> raise AppArmorException('%s does not exist' % (self.template))
>
> There's a race condition here; well, maybe not -race-, but self.template
> is updated before the sanity checks are performed. If either of those
> exceptions gets ignored in callers, the template is set to unsafe values.
>
Hmmm, I can fix it, but if a caller chooses to use a try clause and then ignore
it, I'm kinda thinking that is the caller's problem, no? I mean, that is why I'm
raising the exception here.
I don't like how I am mixing and matching checking template and self.template
though, so I'll change that right away.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130706/060cad68/attachment.pgp>
More information about the AppArmor
mailing list