[apparmor] [patch] Allow ntpd to read directory listings of $PATH
Christian Boltz
apparmor at cboltz.de
Tue Sep 15 12:34:54 UTC 2015
Hello,
Am Montag, 14. September 2015 schrieb Seth Arnold:
> On Mon, Sep 14, 2015 at 01:02:27PM +0200, Christian Boltz wrote:
> > I asked Reinhard Max, the SUSE ntp maintainer - see
> > https://bugzilla.opensuse.org/show_bug.cgi?id=945592
>
> I gave the code a quick skim and it's definitely built its own generic
> colon-separated path searching mechanism with the ability to look for
> readable, writable, and executable files. Based on some of the
> comments nearby it looks like they had reasonable reason to build
> one, though I couldn't tell you why. :)
Thanks for checking it!
> I think the accesses should be allowed -- without it, some portion of
> the program won't work as expected for some configuration. (Feel free
> to consider this:
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks, commited to trunk.
I forgot to ask - should I also apply this patch to the 2.9 branch?
Regards,
Christian Boltz
--
<suseROCKs> I hate email
<suseROCKs> I hate internet
<suseROCKs> I hate computers
<suseROCKs> why can't we go back to old fashioned smoke signaling??
[from #opensuse-project]
More information about the AppArmor
mailing list