[Bug 1045986] Re: Ubuntu AppArmor policy is too lenient with shell scripts
Launchpad Bug Tracker
1045986 at bugs.launchpad.net
Fri Sep 7 04:33:28 UTC 2012
This bug was fixed in the package apport - 2.5.1-0ubuntu7

---------------
apport (2.5.1-0ubuntu7) quantal-proposed; urgency=low

  * bin/apport-bug: Explicitly set the PATH to that of ENV_SUPATH in
    /etc/login.defs and unset ENV and CDPATH. We need to do this so that confined
    applications using ubuntu-browsers.d/ubuntu-integration cannot abuse the
    environment to escape AppArmor confinement via this script (LP: #1045986).
    This can be removed once AppArmor supports environment filtering
    (LP: 1045985)

apport (2.5.1-0ubuntu6) quantal; urgency=low

  * data/general/ubuntu.py: handle the case where a log file is compressed
    when reviewing package installation failures (LP: #917903)

apport (2.5.1-0ubuntu5) quantal; urgency=low

  * Use Python string rather than QString, LP: #1028984

 -- Jamie Strandboge <jamie at ubuntu.com> Wed, 05 Sep 2012 08:38:23 -0500

** Changed in: apport (Ubuntu Quantal)
Status: Fix Committed => Fix Released
** Changed in: isc-dhcp (Ubuntu Quantal)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3570
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3571
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3954
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1045986
Title:
Ubuntu AppArmor policy is too lenient with shell scripts
Status in “apparmor” package in Ubuntu:
Triaged
Status in “apport” package in Ubuntu:
Fix Released
Status in “chromium-browser” package in Ubuntu:
Confirmed
Status in “cups” package in Ubuntu:
Confirmed
Status in “dhcp3” package in Ubuntu:
Invalid
Status in “firefox” package in Ubuntu:
Confirmed
Status in “isc-dhcp” package in Ubuntu:
Fix Released
Status in “apparmor” source package in Lucid:
Invalid
Status in “apport” source package in Lucid:
Fix Committed
Status in “chromium-browser” source package in Lucid:
Confirmed
Status in “cups” source package in Lucid:
Confirmed
Status in “dhcp3” source package in Lucid:
Fix Committed
Status in “firefox” source package in Lucid:
Confirmed
Status in “isc-dhcp” source package in Lucid:
Invalid
Status in “apparmor” source package in Natty:
Triaged
Status in “apport” source package in Natty:
Fix Committed
Status in “chromium-browser” source package in Natty:
Confirmed
Status in “cups” source package in Natty:
Confirmed
Status in “dhcp3” source package in Natty:
Invalid
Status in “firefox” source package in Natty:
Confirmed
Status in “isc-dhcp” source package in Natty:
Fix Committed
Status in “apparmor” source package in Oneiric:
Triaged
Status in “apport” source package in Oneiric:
Fix Committed
Status in “chromium-browser” source package in Oneiric:
Confirmed
Status in “cups” source package in Oneiric:
Confirmed
Status in “dhcp3” source package in Oneiric:
Invalid
Status in “firefox” source package in Oneiric:
Confirmed
Status in “isc-dhcp” source package in Oneiric:
Fix Committed
Status in “apparmor” source package in Precise:
Triaged
Status in “apport” source package in Precise:
Fix Committed
Status in “chromium-browser” source package in Precise:
Confirmed
Status in “cups” source package in Precise:
Confirmed
Status in “dhcp3” source package in Precise:
Invalid
Status in “firefox” source package in Precise:
Confirmed
Status in “isc-dhcp” source package in Precise:
Fix Committed
Status in “apparmor” source package in Quantal:
Triaged
Status in “apport” source package in Quantal:
Fix Released
Status in “chromium-browser” source package in Quantal:
Confirmed
Status in “cups” source package in Quantal:
Confirmed
Status in “dhcp3” source package in Quantal:
Invalid
Status in “firefox” source package in Quantal:
Confirmed
Status in “isc-dhcp” source package in Quantal:
Fix Released
Bug description:
Dan Rosenberg has blogged about some AppArmor profile weaknesses in Ubuntu:
http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html

This bug will track the work needed to fix them. This is a
continuation of bug #851986, except for PATH and shell scripts.

Unfortunately, until we have proper environment filtering support in
AppArmor, we will have to employ more bandaids -- specifically, either
eliminating Ux/sanitized helper on shell scripts or adjusting those
shell scripts to explicitly set their PATH. The good news is that
environment filtering is on the AppArmor roadmap, and it is something we
will be targeting in future releases. I filed bug #1045985 to more
easily track the progress of that work.
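
The apport changelog entry above describes the workaround: set PATH to the ENV_SUPATH value from /etc/login.defs and unset ENV and CDPATH. One way to write such a script prologue follows, as an added example that is not apport's code and not part of the original notification; the function names, the fallback PATH and the rejection of relative entries are assumptions.

```sh
#!/bin/sh
# Added example (not apport's code): environment-hardening prologue for a
# helper script that a confined application may be allowed to launch.
# Only shell builtins are used, so nothing is resolved via the inherited PATH.

# Assumption: fallback used when ENV_SUPATH is missing or unusable.
FALLBACK_SUPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Succeed only if $1 is a colon-separated list of absolute directories.
# Empty or relative entries would put the current directory on the search path.
is_absolute_path_list() (
    case $1 in ''|:*|*:|*::*) exit 1 ;; esac
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $1; do
        case $dir in /*) ;; *) exit 1 ;; esac
    done
    exit 0
)

# Print the ENV_SUPATH value from the login.defs-style file named by $1.
supath_from_login_defs() (
    supath=
    if [ -r "$1" ]; then
        # "|| [ -n "$key" ]" also handles a last line without a newline.
        while read -r key val rest || [ -n "$key" ]; do
            if [ "$key" = ENV_SUPATH ]; then
                supath=${val#PATH=}     # login.defs writes "PATH=/dir:/dir"
            fi
        done < "$1"
    fi
    if is_absolute_path_list "$supath"; then
        printf '%s\n' "$supath"
    else
        printf '%s\n' "$FALLBACK_SUPATH"
    fi
)

# Replace the inherited PATH and drop ENV and CDPATH before doing anything else.
harden_environment() {
    PATH=$(supath_from_login_defs "${1:-/etc/login.defs}")
    export PATH
    unset ENV CDPATH
}

# Constructed sample of the relevant login.defs lines, for trying the functions.
sample_login_defs() {
    printf '%s\n' '# ENV_SUPATH PATH=/old/value' \
        'ENV_SUPATH PATH=/usr/sbin:/usr/bin:/sbin:/bin' \
        'ENV_PATH PATH=/usr/bin:/bin'
}
```

A script would call `harden_environment` as its first statement, before running any external command.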