[apparmor] [patch] Handle quoted peers when parsing ptrace rules

Christian Boltz apparmor at cboltz.de
Wed Jan 6 17:11:40 UTC 2016


Hello,

I noticed in Simon's sshd profile that the ptrace peer can contain a
quoted value - something I missed when writing the PtraceRule class.

This patch adds handling for quoted values and two testcases for it.


[ 62-ptrace-peer-strip-quotes.diff ]

=== modified file ./utils/apparmor/rule/ptrace.py
--- utils/apparmor/rule/ptrace.py       2016-01-02 23:41:49.811539038 +0100
+++ utils/apparmor/rule/ptrace.py       2016-01-06 18:02:51.563196306 +0100
@@ -14,7 +14,7 @@
 
 import re
 
-from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME
+from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME, strip_quotes
 from apparmor.common import AppArmorBug, AppArmorException
 from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, logprof_value_or_all, parse_modifiers, quote_if_needed
 
@@ -99,7 +99,7 @@
                 access = PtraceRule.ALL
 
             if details.group('peer'):
-                peer = details.group('peer')
+                peer = strip_quotes(details.group('peer'))
             else:
                 peer = PtraceRule.ALL
         else:
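Review bot: the change at `peer = strip_quotes(details.group('peer'))` silently alters what `self.peer` holds, so a one-line comment there would help later readers: the stored peer is now the unquoted value (`/foo bar`, not `"/foo bar"`), which means every consumer of the attribute (equality and coverage checks, the clean/raw output path) sees the bare string and the output side has to restore the quotes with the already-imported `quote_if_needed`. It is also worth confirming that `strip_quotes` only removes a matching pair of surrounding quotes and leaves a value with a stray interior quote untouched, since the new behaviour is only exercised for fully quoted peers.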
=== modified file ./utils/test/test-ptrace.py
--- utils/test/test-ptrace.py   2016-01-06 18:09:08.007976455 +0100
+++ utils/test/test-ptrace.py   2016-01-06 18:08:41.431926398 +0100
@@ -54,9 +54,11 @@
         ('deny ptrace read, # cmt'              , exp(False, False, True , ' # cmt',  {'read'},     False, None,           True     )),
         ('audit allow ptrace,'                  , exp(True , True , False, '',        None  ,       True , None,           True     )),
         ('ptrace peer=unconfined,'              , exp(False, False, False, '',        None  ,       True , 'unconfined',   False    )),
+        ('ptrace peer="unconfined",'            , exp(False, False, False, '',        None  ,       True , 'unconfined',   False    )),
         ('ptrace read,'                         , exp(False, False, False, '',        {'read'},     False, None,           True     )),
         ('ptrace peer=/foo,'                    , exp(False, False, False, '',        None  ,       True , '/foo',         False    )),
         ('ptrace r peer=/foo,'                  , exp(False, False, False, '',        {'r'},        False, '/foo',         False    )),
+        ('ptrace r peer="/foo bar",'            , exp(False, False, False, '',        {'r'},        False, '/foo bar',     False    )),
     ]
 
     def _run_test(self, rawrule, expected):
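Review bot: the two added cases only cover the parsing direction (`exp(...)` tuples fed through `_run_test`), so the round trip is untested: nothing here checks that a rule parsed from `ptrace r peer="/foo bar",` serialises back with the quotes restored around the space-containing peer. A clean-rule/raw-rule round-trip case for the `"/foo bar"` input would close that gap, and a check that `peer="unconfined"` and `peer=unconfined` parse to rules that compare equal would pin down the intended semantics of stripping.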


Regards,

Christian Boltz
-- 
Yes, we all write crappy software and have no idea what we are doing and
should listen to everyone who tells us to stop because they are the ones
who know best. [Greg KH in opensuse-factory]