[apparmor] [patch] Error out if the log contains an exec event for a directory

[Kshitij Gupta]

On Thu, Feb 4, 2016 at 10:23 PM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hello,
>
> according to the discussion with John on IRC, exec log events for
> directories should never happen, therefore let handle_children()
> raise an exception.
>
>
> [ 69-error-out-on-dir-exec.diff ]
>
> --- utils/apparmor/aa.py        2016-02-04 01:21:33.010848414 +0100
> +++ utils/apparmor/aa.py        2016-02-04 17:49:00.985255184 +0100
> @@ -1208,8 +1203,7 @@
>
>                  if mode & str_to_mode('x'):
>                      if os.path.isdir(exec_target):
> -                        mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE
> -                        mode = mode | str_to_mode('ix')
> +                        raise AppArmorBug('exec permissions requested for
> directory %s. This should not happen - please open a bugreport!' %
> exec_target)
>                      else:
>                          do_execute = True
>
> Thanks for the patch.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>

>
>
> Regards,
>
> Christian Boltz
> --
> > > "Frontpage" is a M$ WYSIWYG web page creation program.
> Would you like some Wine with that ActiveX?
> You must have a different Outlook(tm) on things, I thought it was an
> Excel(tm)lent Word(tm). [>> Carl Hartung and Peter Flodin in opensuse]
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>


-- 
Regards,

Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160210/d75d5151/attachment.html>