[apparmor] [patch] Ignore ptrace log events without denied_mask

Christian Boltz apparmor at cboltz.de
Fri May 19 21:24:58 UTC 2017 

Hello,

$subject.
This fixes a crash in the tools.

Reported by peetaur on IRC.


I propose this patch for trunk and 2.11.


[ 01-logparser-ignore-ptrace-without-denied_mask.diff ]

--- utils/apparmor/logparser.py 2017-05-19 23:14:20.278362000 +0200
+++ utils/apparmor/logparser.py 2017-05-19 23:16:23.854422934 +0200
@@ -348,6 +348,9 @@
             if not e['peer']:
                 self.debug_logger.debug('ignored garbage ptrace event with empty peer')
                 return None
+            if not e['denied_mask']:
+                self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
+                return None
 
             return(e['pid'], e['parent'], 'ptrace',
                              [profile, hat, prog, aamode, e['denied_mask'], e['peer']])
=== added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.err'
=== added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 2017-05-19 19:45:51 +0000
@@ -0,0 +1,1 @@
+type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"

=== added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        2017-05-19 19:46:03 +0000
@@ -0,0 +1,11 @@
+START
+File: ptrace_1.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1495217772.047:4471
+Operation: ptrace
+Profile: /usr/bin/pidgin
+Peer: unconfined
+Command: pidgin
+PID: 21704
+Epoch: 1495217772
+Audit subid: 4471

=== added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    2017-05-19 21:09:24 +0000
@@ -0,0 +1,2 @@
+/usr/bin/pidgin {
+}



Regards,

Christian Boltz
-- 
Persönliche Daten sind wie Plutonium.
Wenn zuviele davon auf einem Haufen liegen, wird es kritisch.
[Dirk Engeling, CCC]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170519/a8496806/attachment.pgp>

More information about the AppArmor mailing list