[apparmor] [patch 3/3] profiles: apache2 — allow HANDLING_UNTRUSTED_INPUT access to abstractions/base
Seth Arnold
seth.arnold at canonical.com
Thu Jun 19 06:29:31 UTC 2014
On Wed, Jun 18, 2014 at 05:44:05PM -0700, Steve Beattie wrote:
> This patch adds the abstractions/base abstraction to the
> HANDLING_UNTRUSTED_INPUT apache2 hat.
>
> [I dislike this because the idea for the HANDLING_UNTRUSTED_INPUT is
> that it is to be as minimal as possible, as sort of a poor man's
> privilege separation for when apache is parsing a request and
> determining what to do with it. The abstractions/base abstraction allows
> too much for such a hat IMO. (Honestly, I'd like cut down the existing
> allowed accesses in it.)]
HANDLING_UNTRUSTED_INPUT has always had some unexpected consequences; I
love the idea but it just might not work with Apache's reality. Since we
don't have much chance of fixing reality and changing the module to do
something else is probably not going to happen soon, we might as well make
this as painless as possible.
Also, agreed on cutting down on abstractions/base, but I'm so reluctant to
tighten shipped profiles.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> profiles/apparmor.d/usr.sbin.apache2 | 1 +
> 1 file changed, 1 insertion(+)
>
> Index: b/profiles/apparmor.d/usr.sbin.apache2
> ===================================================================
> --- a/profiles/apparmor.d/usr.sbin.apache2
> +++ b/profiles/apparmor.d/usr.sbin.apache2
> @@ -88,6 +88,7 @@
> }
>
> ^HANDLING_UNTRUSTED_INPUT {
> + #include <abstractions/base>
> #include <abstractions/apache2-common>
>
> / rw,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140618/72e4f481/attachment.pgp>
More information about the AppArmor
mailing list