[Bug 1045986] Re: Ubuntu AppArmor policy is too lenient with shell scripts

Steve Langasek 1045986 at bugs.launchpad.net
Thu Oct 14 01:39:38 UTC 2021


The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release.

** Changed in: cups (Ubuntu Precise)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1045986

Title:
  Ubuntu AppArmor policy is too lenient with shell scripts

Status in apparmor package in Ubuntu:
  Fix Released
Status in apport package in Ubuntu:
  Fix Released
Status in chromium-browser package in Ubuntu:
  Fix Released
Status in cups package in Ubuntu:
  Confirmed
Status in dhcp3 package in Ubuntu:
  Invalid
Status in firefox package in Ubuntu:
  Confirmed
Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in apparmor source package in Lucid:
  Invalid
Status in apport source package in Lucid:
  Fix Released
Status in dhcp3 source package in Lucid:
  Fix Released
Status in isc-dhcp source package in Lucid:
  Invalid
Status in apparmor source package in Natty:
  Won't Fix
Status in apport source package in Natty:
  Won't Fix
Status in dhcp3 source package in Natty:
  Invalid
Status in isc-dhcp source package in Natty:
  Fix Released
Status in apparmor source package in Oneiric:
  Fix Released
Status in apport source package in Oneiric:
  Fix Released
Status in dhcp3 source package in Oneiric:
  Invalid
Status in isc-dhcp source package in Oneiric:
  Fix Released
Status in apparmor source package in Precise:
  Fix Released
Status in apport source package in Precise:
  Fix Released
Status in chromium-browser source package in Precise:
  Fix Released
Status in cups source package in Precise:
  Won't Fix
Status in dhcp3 source package in Precise:
  Invalid
Status in firefox source package in Precise:
  Won't Fix
Status in isc-dhcp source package in Precise:
  Fix Released
Status in apparmor source package in Quantal:
  Fix Released
Status in apport source package in Quantal:
  Fix Released
Status in chromium-browser source package in Quantal:
  Fix Released
Status in cups source package in Quantal:
  Won't Fix
Status in dhcp3 source package in Quantal:
  Invalid
Status in firefox source package in Quantal:
  Won't Fix
Status in isc-dhcp source package in Quantal:
  Fix Released

Bug description:
  Dan Rosenberg has blogged about some AppArmor profile weaknesses in Ubuntu:
  http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html

  This bug will track the work needed to fix them. This is a
  continuation of bug #851986, except for PATH and shell scripts.
  Unfortunately, until we have proper environment filtering support in
  AppArmor, we will have to employ more bandaids-- specifically, either
  eliminating Ux/sanitized helper on shell scripts or adjusting those
  shell scripts to explicitly set their PATH. The good news is that
  environment filtering is on the AppArmor roadmap, and it is something we
  will be targeting in the future releases. I filed bug #1045985 to more
  easily track the progress of that work.
