[apparmor] [patch] Fix handling of interpreters with parameters

Christian Boltz apparmor at cboltz.de
Sun Oct 18 20:08:54 UTC 2015


Hello,

Am Montag, 19. Oktober 2015 schrieb Kshitij Gupta:
> On Sun, Oct 18, 2015 at 8:50 PM, Christian Boltz wrote:
> > if a script contains a hashbang like
> > 
> >     #! /usr/bin/perl -w
> > 
> > aa-autodep created a profile entry like
> > 
> >     "/usr/bin/perl -w" ix,
> > 
> > which is obviously incorrect.
> > 
> > This patch fixes this (by using only the first part of the hashbang
> > line) and also adds some tests for it.
> > 
> > References: https://bugs.launchpad.net/apparmor/+bug/1505775
> > 
> > 
> > [ 95-fix-handling-interpreters-with-parameters.diff ]
> > 
> > --- utils/apparmor/aa.py        2015-10-18 16:45:00.661993736 +0200
> > +++ utils/apparmor/aa.py        2015-10-18 17:07:20.459211068 +0200
> > @@ -416,8 +416,9 @@
> > 
> >      if not hashbang.startswith('#!'):
> >          return None, None
> > 
> > -    interpreter = hashbang[2:].strip()
> > -    interpreter_path = get_full_path(interpreter)
> > +    # get the interpreter (without parameters)
> > +    interpreter = hashbang[2:].strip().split()
> 
> I'd like to call it "interpreter_and_flags_and_parameters_stuff" but
> could settle for "interpreter_and_flags".
> Or we can make it:
> interpreter_path = hashbang[2:].strip().split()[0]

Good idea, I'll change that before commiting.

> Or
> interpreter_and_flags = hashbang[2:].strip().split()
> interpreter_path = interpreter_and_flags[0]

I prefer the first option ;-)


Regards,

Christian Boltz
-- 
There are no bugs expected after Beta3, that's why it is called RC.
[Jan Engelhardt]




More information about the AppArmor mailing list