[apparmor] [PATCH 2/3] libapparmor: Open fds may be revalidated after aa_change_profile()

Tyler Hicks tyhicks at canonical.com
Wed Jan 27 18:39:37 UTC 2016


On 2016-01-27 07:25:04, John Johansen wrote:
> On 01/26/2016 04:18 PM, Tyler Hicks wrote:
> > It is possible that file descriptors will be revalidated after an
> > aa_change_profile() but there is a lot of complexity involved that
> > doesn't need to be spelled out in the man page. Instead, mention that
> > revalidation is possible but the only way to ensure that file
> > descriptors are not passed on is to close them.
> > 
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> > Reported-by: Seth Arnold <seth.arnold at canonical.com>
> 
> So I agree that that paragraph is not the place for the detailed information
> about the complexity of change_hat/change_profile and remediation. But I
> do think it's important we document it, and stick a reference in the
> man page. Whether it should go in a notes section, or a separate man page
> I am ambivalent on.

Ok, I'll think about a clear way to explain the details and stick them
in the NOTES.

Tyler

> 
> but this change as it stands is good
> 
> Acked-by: John Johansen <john.johansen at canonical.com>
> 
> > ---
> >  libraries/libapparmor/doc/aa_change_profile.pod | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libraries/libapparmor/doc/aa_change_profile.pod b/libraries/libapparmor/doc/aa_change_profile.pod
> > index 6457c33..3cad427 100644
> > --- a/libraries/libapparmor/doc/aa_change_profile.pod
> > +++ b/libraries/libapparmor/doc/aa_change_profile.pod
> > @@ -48,7 +48,7 @@ If a program wants to return out of the current profile to the
> >  original profile, it may use aa_change_hat(2). Otherwise, the two profiles must
> >  have rules permitting changing between the two profiles.
> >  
> > -Open file descriptors are not remediated after a call to aa_change_profile()
> > +Open file descriptors may not be remediated after a call to aa_change_profile()
> >  so the calling program must close(2) open file descriptors to ensure they
> >  are not available after calling aa_change_profile(). As aa_change_profile()
> >  is typically used just before execve(2), you may want to use open(2) or
> > 
> 
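
Review bot: On the added line, "may not be remediated" is ambiguous. It can be read as "are not permitted to be remediated" as well as the intended "might not be remediated". The subject and commit message also describe fds being "revalidated", while the man page text keeps "remediated". Consider wording such as "Open file descriptors are not guaranteed to be revalidated after a call to aa_change_profile()", so the page uses one term and the unchanged "so the calling program must close(2) open file descriptors" clause still follows from it.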