oss-sec mailing list archives
Re: Possible CVE Request: improper AppArmor exec transition
From: Jamie Strandboge <jamie () canonical com>
Date: Mon, 03 Jan 2011 17:39:25 -0600
On Mon, 2011-01-03 at 15:33 -0600, Jamie Strandboge wrote:
> If the policy is:
>
> /usr/bin/baz {
>   ...
>   /usr/bin/bar px,
>   /usr/bin/foo pux,
> }
>
> Then when baz executes /usr/bin/bar, bar will correctly run under the
> 'bar' profile if it exists, otherwise baz will receive a failed exec.
> The problem is when baz execs /usr/bin/foo, foo will run under the
> 'foo' profile if it exists (correct), otherwise baz will receive a
> failed exec (incorrect). bar should instead run unconfined. This is a
> bug, but not security relevant as the 'foo pux' rule is treated as a
> more strict 'foo px'.

This: "bar should instead run unconfined"
should have been: "foo should instead run unconfined"

Sorry for any confusion.

--
Jamie Strandboge | http://www.canonical.com
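
The following is an added example, not part of the original message or of AppArmor itself: a small audit that lists which px/pux rules in a policy would behave differently under the bug described above. The function names, the sample policy and the simplified parsing (profile name equals the executable path, one rule per line) are assumptions made for illustration.

```python
import re

# Constructed sample policy: the two exec rules quoted in the thread,
# plus a hypothetical 'bar' profile so that only 'foo' lacks one.
SAMPLE_POLICY = """
/usr/bin/baz {
  /usr/bin/bar px,
  /usr/bin/foo pux,
}
/usr/bin/bar {
  /etc/bar.conf r,
}
"""

PROFILE_RE = re.compile(r"^\s*(/\S+)\s*\{\s*$")       # "/path {"
RULE_RE = re.compile(r"^\s*(/\S+)\s+(pux|px)\s*,\s*$")  # "/path px," or "/path pux,"

def parse_policy(text):
    """Return (profile names, [(parent profile, exec target, mode)])."""
    profiles, rules, current = set(), [], None
    for line in text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            profiles.add(current)
        elif line.strip() == "}":
            current = None
        elif current and (m := RULE_RE.match(line)):
            rules.append((current, m.group(1), m.group(2)))
    return profiles, rules

def exec_outcome(mode, target_has_profile, buggy):
    """Model the transition result as described in the thread."""
    if target_has_profile:
        return "target profile"   # px and pux both transition to the profile
    if mode == "pux" and not buggy:
        return "unconfined"       # intended pux fallback
    return "exec fails"           # px always; pux only under the bug

def affected_rules(text):
    """Rules whose outcome under the bug differs from the intended one."""
    profiles, rules = parse_policy(text)
    return [(parent, target) for parent, target, mode in rules
            if exec_outcome(mode, target in profiles, False)
            != exec_outcome(mode, target in profiles, True)]

if __name__ == "__main__":
    for parent, target in affected_rules(SAMPLE_POLICY):
        print(f"{parent}: exec of {target} fails instead of running unconfined")
```
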