[apparmor] [patch] libapparmor: fix aa_change_hat token format string
Steve Beattie
steve at nxnw.org
Thu Jan 23 10:44:35 UTC 2014
This patch fixes the format string for the magic token in aa_change_hat
to match the type of the magic token (long). Without this, on 64
bit platforms, only the bottom 32 bits of the token would be used.
aa_change_hatv() has the correct format string, so an aa_change_hatv()
call followed by an exiting aa_change_hat() call would result in
the latter having a different token, which would cause the process
to be killed by apparmor. An aa_change_hat() followed by another
aa_change_hat() would be safe, as would platforms where int and long
are the same size.
This patch is for trunk and 2.8.
(Hat tip to John Johansen for spotting the actual bug.)
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
libraries/libapparmor/src/kernel_interface.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/libraries/libapparmor/src/kernel_interface.c
===================================================================
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -355,7 +355,7 @@ int aa_change_hat(const char *subprofile
int rc = -1;
int len = 0;
char *buf = NULL;
- const char *fmt = "changehat %016x^%s";
+ const char *fmt = "changehat %016lx^%s";
/* both may not be null */
if (!(token || subprofile)) {
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140123/7cd1b572/attachment-0001.pgp>
More information about the AppArmor
mailing list