[apparmor] [patch] Handle quoted peers when parsing ptrace rules

Kshitij Gupta kgupta8592 at gmail.com
Thu Feb 11 20:59:06 UTC 2016


Hello

On Wed, Jan 6, 2016 at 10:41 PM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hallo,
>
lol

>
> I noticed in Simon's sshd profile that the ptrace peer can contain a
> quoted value - something I missed when writing the PtraceRule class.
>
> This patch adds handling for quoted values and two testcases for it.
>
>
> [ 62-ptrace-peer-strip-quotes.diff ]
>
> === modified file ./utils/apparmor/rule/ptrace.py
> --- utils/apparmor/rule/ptrace.py       2016-01-02 23:41:49.811539038 +0100
> +++ utils/apparmor/rule/ptrace.py       2016-01-06 18:02:51.563196306 +0100
> @@ -14,7 +14,7 @@
>
>  import re
>
> -from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME
> +from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME,
> strip_quotes
>
wow! strip_quotes is a function in regex module! (pretty sure I'm to blame
for it but still)

 from apparmor.common import AppArmorBug, AppArmorException
>  from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list,
> logprof_value_or_all, parse_modifiers, quote_if_needed
>
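Review bot: the added import line `+from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME,` ends in a trailing comma with `strip_quotes` pushed onto the following line; as rendered here that is a syntax error, so the patch should be applied from the attached 62-ptrace-peer-strip-quotes.diff rather than from this mail body, or the import wrapped in parentheses if the line really is split in the file. The same mail wrapping also hits the unchanged `from apparmor.rule import ...` context line.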
> @@ -99,7 +99,7 @@
>                  access = PtraceRule.ALL
>
>              if details.group('peer'):
> -                peer = details.group('peer')
> +                peer = strip_quotes(details.group('peer'))
>              else:
>                  peer = PtraceRule.ALL
>          else:
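Review bot: `peer = strip_quotes(details.group('peer'))` normalizes the parse path only. Since `quote_if_needed` is already imported in this module, confirm that the serialization side re-quotes a peer containing whitespace, so that a parsed `peer="/foo bar"` is written back as `peer="/foo bar"` and not as the unparseable `peer=/foo bar`; the commit message should also say that `peer=/foo` and `peer="/foo"` now yield equal rules, since any covered/equal comparison sees the stripped value.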
> === modified file ./utils/test/test-ptrace.py
> --- utils/test/test-ptrace.py   2016-01-06 18:09:08.007976455 +0100
> +++ utils/test/test-ptrace.py   2016-01-06 18:08:41.431926398 +0100
> @@ -54,9 +54,11 @@
>          ('deny ptrace read, # cmt'              , exp(False, False, True
> , ' # cmt',  {'read'},     False, None,           True     )),
>          ('audit allow ptrace,'                  , exp(True , True ,
> False, '',        None  ,       True , None,           True     )),
>          ('ptrace peer=unconfined,'              , exp(False, False,
> False, '',        None  ,       True , 'unconfined',   False    )),
> +        ('ptrace peer="unconfined",'            , exp(False, False,
> False, '',        None  ,       True , 'unconfined',   False    )),
>          ('ptrace read,'                         , exp(False, False,
> False, '',        {'read'},     False, None,           True     )),
>          ('ptrace peer=/foo,'                    , exp(False, False,
> False, '',        None  ,       True , '/foo',         False    )),
>          ('ptrace r peer=/foo,'                  , exp(False, False,
> False, '',        {'r'},        False, '/foo',         False    )),
> +        ('ptrace r peer="/foo bar",'            , exp(False, False,
> False, '',        {'r'},        False, '/foo bar',     False    )),
>      ]
>
>      def _run_test(self, rawrule, expected):
>
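Review bot: the two new table rows (`peer="unconfined"` and `peer="/foo bar"`) only go through `_run_test`, i.e. the parse direction, asserting that the stored peer is the unquoted string. Add a companion case to whichever test checks the cleaned rule text, so that `/foo bar` is shown to come back quoted; without it a regression in the writer would still pass this table unchanged.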
Thanks for the patch.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>

>
> Regards,
>
> Christian Boltz
> --
> Yes, we all write crappy software and have no idea what we are doing and
> should listen to everyone who tells us to stop because they are the ones
> who know best. [Greg KH in opensuse-factory]
>


-- 
Regards,

Kshitij Gupta
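The patch above only shows the one-line change to the parser, so here is an added, self-contained illustration of the whole parse/serialize cycle it is meant to keep consistent. This is example code written for this page, not AppArmor's utils code: the rule grammar it accepts is a simplification (no audit/deny modifiers, no trailing comments), and `RULE_RE`, `parse_ptrace_rule`, `serialize_ptrace_rule` and `round_trip` are names invented here. Only `strip_quotes` and `quote_if_needed` borrow their names from the functions the patch imports, and their bodies are this example's own assumptions about what such helpers do.

```python
import re

# Added example, not AppArmor's own code: a minimal parser/serializer for
# "ptrace [access] [peer=VALUE]," rules showing why a quoted peer must be
# unquoted on parse and re-quoted on output.  Assumed, simplified grammar:
# no audit/deny modifiers and no trailing comments.
RULE_RE = re.compile(
    r'^\s*ptrace'
    r'(?:\s+(?P<access>\([^)]*\)|(?!peer=)\w+))?'   # read, r, or (read trace)
    r'(?:\s+peer=(?P<peer>"[^"]*"|[^,\s]+))?'        # bare or "double quoted"
    r'\s*,\s*$'
)


def strip_quotes(value):
    """Remove exactly one pair of enclosing double quotes; leave other input alone."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def quote_if_needed(value):
    """Quote a value that would not survive re-parsing as a bare token."""
    if value == '' or any(c.isspace() for c in value) or ',' in value:
        return '"%s"' % value
    return value


def parse_ptrace_rule(raw):
    """Return {'access': set or None, 'peer': str or None}; None means 'all'."""
    m = RULE_RE.match(raw)
    if m is None:
        raise ValueError('not a ptrace rule: %r' % raw)
    access = m.group('access')
    if access is not None:
        inner = access.strip('()').strip()
        access = set(a for a in re.split(r'[\s,]+', inner) if a)
    peer = m.group('peer')
    if peer is not None:
        # the change under review: peer="/foo bar" is stored as /foo bar
        peer = strip_quotes(peer)
    return {'access': access, 'peer': peer}


def serialize_ptrace_rule(rule):
    """Write the rule back out; a peer containing whitespace is re-quoted."""
    parts = ['ptrace']
    access = rule['access']
    if access:
        if len(access) == 1:
            parts.append(next(iter(access)))
        else:
            parts.append('(%s)' % ' '.join(sorted(access)))
    if rule['peer'] is not None:
        parts.append('peer=%s' % quote_if_needed(rule['peer']))
    return ' '.join(parts) + ','


def round_trip(raw):
    """Parse, serialize, and re-parse; return (clean_text, stable)."""
    first = parse_ptrace_rule(raw)
    clean = serialize_ptrace_rule(first)
    return clean, parse_ptrace_rule(clean) == first


if __name__ == '__main__':
    # constructed sample rules, including the two cases the patch adds tests for
    for raw in ('ptrace peer="unconfined",', 'ptrace r peer="/foo bar",',
                'ptrace (read trace) peer=/foo,', 'ptrace,'):
        print('%-34s -> %s' % (raw, round_trip(raw)))
```

The unquoted form `ptrace peer=/foo bar,` is rejected by `parse_ptrace_rule`, which is exactly why the writer must call `quote_if_needed` on a stripped peer: stripping on input without re-quoting on output would turn a valid profile line into one the parser refuses on the next load.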