[apparmor] [patch] AARE: escape exclamation mark
Christian Boltz
apparmor at cboltz.de
Wed Jan 20 19:28:00 UTC 2016
Hello,
'!' is a reserved symbol and needs to be escaped in AARE.
Sidenote:
This bug went unnoticed since years. I noticed it on a server with
AppArmor 2.8.4 where aa-logprof created an invalid profile after
someone uploaded a file with an explanation mark in the filename.
I propose the aa.py part of this patch for trunk, 2.10 and 2.9.
aare.py only exists in trunk, therefore this part is trunk-only.
[ 64-aare-escape-exclamation-mark.diff ]
--- utils/apparmor/aa.py 2016-01-07 21:50:43.035415000 +0100
+++ utils/apparmor/aa.py 2016-01-20 20:16:19.478996074 +0100
@@ -1205,6 +1205,7 @@
detail = detail.replace('*', '\*')
detail = detail.replace('{', '\{')
detail = detail.replace('}', '\}')
+ detail = detail.replace('!', '\!')
# Give Execute dialog if x access requested for
something that's not a directory
# For directories force an 'ix' Path dialog
--- utils/apparmor/aare.py 2015-12-27 16:06:12.635071663 +0100
+++ utils/apparmor/aare.py 2016-01-20 19:53:40.902819126 +0100
@@ -83,7 +83,7 @@
def convert_expression_to_aare(expression):
'''convert an expression (taken from audit.log) to an AARE
string'''
- aare_escape_chars = ['\\', '?', '*', '[', ']', '{', '}', '"']
+ aare_escape_chars = ['\\', '?', '*', '[', ']', '{', '}', '"', '!']
for char in aare_escape_chars:
expression = expression.replace(char, '\\' + char)
Regards,
Christian Boltz
--
> I'm running SUPER. I've a USB mouse attached. The mouse is too
> sensitive, the cursor is moving too fast which is out of my control.
Even the mouse is performance enhanced, wow!
[> Qingjia Zhu and Peter Flodin in opensuse]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160120/bfe993e3/attachment.pgp>
More information about the AppArmor
mailing list