FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team
Reload this Page UBUNTU: SAUCE: AppArmor: Fix oops after profile removal

 
 
LinkBack Thread Tools
 
Old 11-09-2009, 07:41 PM
John Johansen
 
Default UBUNTU: SAUCE: AppArmor: Fix oops after profile removal
BugLink: http://bugs.launchpad.net/bugs/475619

Profile removal results in child profiles having their replacedby field
assigned an ERR_PTR. Which will cause a null pointer oops. This will
affect any application that has a profile in a hat, or a learning
mode subprofile when the base profile is removed.

The use of ERR_PTR used to be the way AppArmor would distinguish between a
removal and unconfined, this became invalid when the namespace->unconfined
profile was introduced.

After replacement the child process will change its context so that
its profile is set ERR_PTR, the ERR_PTR then gets filtered to a NULL ptr
which then causes the oops.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
ubuntu/apparmor/policy.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ubuntu/apparmor/policy.c b/ubuntu/apparmor/policy.c
index 390bbf6..a772801 100644
--- a/ubuntu/apparmor/policy.c
+++ b/ubuntu/apparmor/policy.c
@@ -322,7 +322,7 @@ void __aa_remove_profile(struct aa_profile *profile,
if (replacement)
profile->replacedby = aa_get_profile(replacement);
else
- profile->replacedby = ERR_PTR(-EINVAL);
+ profile->replacedby = aa_get_profile(profile->ns->unconfined);
list_del_init(&profile->base.list);
if (!(profile->flags & PFLAG_NO_LIST_REF))
aa_put_profile(profile);
--
1.6.3.3


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 11-10-2009, 05:29 PM
John Johansen
 
Default UBUNTU: SAUCE: AppArmor: Fix oops after profile removal
BugLink: http://bugs.launchpad.net/bugs/475619

SRU Justicication: this bug can cause a null pointer dereference kernel
oops. This will occur any time children profiles are attached to running
processes. This can occur when change_hat, children profiles or profile
learning is used.
---
ubuntu/apparmor/policy.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ubuntu/apparmor/policy.c b/ubuntu/apparmor/policy.c
index 390bbf6..a772801 100644
--- a/ubuntu/apparmor/policy.c
+++ b/ubuntu/apparmor/policy.c
@@ -322,7 +322,7 @@ void __aa_remove_profile(struct aa_profile *profile,
if (replacement)
profile->replacedby = aa_get_profile(replacement);
else
- profile->replacedby = ERR_PTR(-EINVAL);
+ profile->replacedby = aa_get_profile(profile->ns->unconfined);
list_del_init(&profile->base.list);
if (!(profile->flags & PFLAG_NO_LIST_REF))
aa_put_profile(profile);
--
1.6.3.3


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 04:06 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -