[PATCH 5/5] UBUNTU: SAUCE: AppArmor: Fix oops there is no tracer anddoing unsafe transition.
Tetsuo Handa
from-ubuntu at I-love.SAKURA.ne.jp
Thu Nov 12 11:59:51 UTC 2009
Hello.
John Johansen wrote:
> As reported by Tetsuo Handa on kernel-team mailing list:
Oops. I used wrong sender address and therefore above report didn't reach to
kernel-team mailing list.
Just a comment for AppArmor for Karmic and earlier.
--- security/apparmor/path.c ---
> char *sysctl_pathname(struct ctl_table *table, char *buffer, int buflen)
> {
> if (buflen < 1)
> return NULL;
> buffer += --buflen;
> *buffer = '\0';
>
> while (table) {
> int namelen = strlen(table->procname);
Eric W. Biederman is going to remove table->ctl_name field. Thus, future
versions will be safe to use table->procname without checking for NULL.
But, for past versions, some out-of-tree kernel module might create a table
with table->procname == NULL. Maybe AppArmor for Karmic and earlier should
prepare for NULL because parse_table()'s loop condition allows NULL procname.
>
> if (buflen < namelen + 1)
> return NULL;
> buflen -= namelen + 1;
> buffer -= namelen;
> memcpy(buffer, table->procname, namelen);
> *--buffer = '/';
> table = table->parent;
> }
> if (buflen < 4)
> return NULL;
> buffer -= 4;
> memcpy(buffer, "/sys", 4);
>
> return buffer;
> }
More information about the kernel-team
mailing list