[PATCH 2/5] UBUNTU: SAUCE: AppArmor: Fix Oops when in apparmor_bprm_set_creds
Stefan Bader
stefan.bader at canonical.com
Wed Nov 11 13:18:21 UTC 2009
Looks right. Either profiles is NULL or the flags are checked.
John Johansen wrote:
> BugLink: http://bugs.launchpad.net/bugs/437258
>
> SRU Justification: This can cause an oops at 000068. This will happen to
> all processes confined or unconfined when name resolution fails at exec.
> This can happen in a couple different cases, applications like psxe, and mugen
> munge the process during their decompress and set up links so that a valid
> name does not exist. The other way that this can happen is executing code
> from a path that has been lazily unmounted. This can occur with nfs and
> automounters, or any mount point that gets unmounted with lazy unmount allowed.
>
>
> If name resolution fails on exec and a profile is not defined
> then AppArmor will cause an oops due to a broken conditional leading to
> dereferencing a profile pointer that is null.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> ubuntu/apparmor/domain.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/ubuntu/apparmor/domain.c b/ubuntu/apparmor/domain.c
> index aa25be2..128e527 100644
> --- a/ubuntu/apparmor/domain.c
> +++ b/ubuntu/apparmor/domain.c
> @@ -248,7 +248,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
> sa.base.error = aa_get_name(&bprm->file->f_path, 0, &buffer,
> (char **) &sa.name);
> if (sa.base.error) {
> - if (profile || profile->flags & PFLAG_IX_ON_NAME_ERROR)
> + if (!profile || profile->flags & PFLAG_IX_ON_NAME_ERROR)
> sa.base.error = 0;
> sa.base.info = "Exec failed name resolution";
> sa.name = bprm->filename;
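Review bot: On the `+` line, `!profile || profile->flags & PFLAG_IX_ON_NAME_ERROR` relies on `&` binding tighter than `||` and on short-circuit evaluation to keep the flags read away from a NULL `profile`. It parses as intended, but writing it as `!profile || (profile->flags & PFLAG_IX_ON_NAME_ERROR)` makes the guard explicit. A one-line comment would also help, noting that a NULL profile gets `sa.base.error` cleared here just as PFLAG_IX_ON_NAME_ERROR does, so the next reader does not flip the test back.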