[apparmor] [PATCH 16/16] apparmor: clear the full task context when setting onexec.
John Johansen
john.johansen at canonical.com
Thu Apr 28 07:40:36 UTC 2016
On 04/27/2016 09:14 PM, Seth Arnold wrote:
> On Wed, Apr 20, 2016 at 11:52:58PM -0700, John Johansen wrote:
>> This prevents a bug where a hat could be used to set onexec and then
>> return to parent with it set.
>>
>> If in a hat when onexec is set then return to parent will be prevented.
>
> This looks like a potentially surprising change. If an exec() fails, a
> program may reasonably try to aa_changehat() back to the parent afterward,
> and continue, no? This change will kill the process if it tries.
>
Indeed, missed this and it very well could be why we aren't doing it. So
what we really need is an orthogonal patch to this where, the onxec setting
is cleared if the exec fails.
Well and we need to document the reason we don't clear it the state here.
I withdraw the patch and will submit the alternative in its place
thanks Seth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160428/9f123701/attachment.pgp>
More information about the AppArmor
mailing list