11-12-2009, 10:59 AM
Tetsuo Handa

UBUNTU: SAUCE: AppArmor: Fix oops there is no tracer and doing unsafe transition.

Hello.

John Johansen wrote:
> As reported by Tetsuo Handa on kernel-team mailing list:
Oops. I used the wrong sender address and therefore the above report didn't reach the
kernel-team mailing list.



Just a comment for AppArmor for Karmic and earlier.

--- security/apparmor/path.c ---
> char *sysctl_pathname(struct ctl_table *table, char *buffer, int buflen)
> {
> 	if (buflen < 1)
> 		return NULL;
> 	buffer += --buflen;
> 	*buffer = '\0';
>
> 	while (table) {
> 		int namelen = strlen(table->procname);

Eric W. Biederman is going to remove the table->ctl_name field. Thus, future
versions will be safe to use table->procname without checking for NULL.

But, for past versions, some out-of-tree kernel module might create a table
with table->procname == NULL. Maybe AppArmor for Karmic and earlier should
prepare for NULL because parse_table()'s loop condition allows NULL procname.

>
> 		if (buflen < namelen + 1)
> 			return NULL;
> 		buflen -= namelen + 1;
> 		buffer -= namelen;
> 		memcpy(buffer, table->procname, namelen);
> 		*--buffer = '/';
> 		table = table->parent;
> 	}
> 	if (buflen < 4)
> 		return NULL;
> 	buffer -= 4;
> 	memcpy(buffer, "/sys", 4);
>
> 	return buffer;
> }

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
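
The NULL procname case raised in the message above, as an added userspace example that is not AppArmor's code or a patch from this thread. `struct ctl_table_model`, `sysctl_pathname_checked()` and the choice to return NULL when a table has no procname are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the two kernel fields the function reads (assumption). */
struct ctl_table_model {
	const char *procname;		/* may be NULL, per the thread */
	struct ctl_table_model *parent;
};

/* Same right-to-left path construction as the quoted sysctl_pathname(), but a
 * NULL procname yields "no path" (hypothetical policy, not a shipped fix). */
char *sysctl_pathname_checked(struct ctl_table_model *table, char *buffer, int buflen)
{
	if (buflen < 1)
		return NULL;
	buffer += --buflen;
	*buffer = '\0';
	while (table) {
		int namelen;
		if (!table->procname)	/* the quoted code would call strlen(NULL) here */
			return NULL;
		namelen = (int)strlen(table->procname);
		if (buflen < namelen + 1)
			return NULL;
		buflen -= namelen + 1;
		buffer -= namelen;
		memcpy(buffer, table->procname, (size_t)namelen);
		*--buffer = '/';
		table = table->parent;
	}
	if (buflen < 4)
		return NULL;
	buffer -= 4;
	memcpy(buffer, "/sys", 4);
	return buffer;
}

/* Constructed sample tables: kernel/hostname, and a leaf registered without a procname. */
struct ctl_table_model dir_kernel = { "kernel", NULL };
struct ctl_table_model leaf_named = { "hostname", &dir_kernel };
struct ctl_table_model leaf_binary_only = { NULL, &dir_kernel };
char demo_buf[64];

int main(void)
{
	char *p = sysctl_pathname_checked(&leaf_named, demo_buf, sizeof(demo_buf));
	printf("%s\n", p ? p : "(rejected)");
	p = sysctl_pathname_checked(&leaf_binary_only, demo_buf, sizeof(demo_buf));
	printf("%s\n", p ? p : "(rejected)");
	return 0;
}
```

A caller that mediates access on the returned path has to treat NULL as a failure to build the path, which is already the case for the buffer-too-small returns in the quoted function.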
 
11-12-2009, 03:29 PM
John Johansen

UBUNTU: SAUCE: AppArmor: Fix oops there is no tracer and doing unsafe transition.

Tetsuo Handa wrote:
> Hello.
>
> John Johansen wrote:
>> As reported by Tetsuo Handa on kernel-team mailing list:
> Oops. I used the wrong sender address and therefore the above report didn't reach the
> kernel-team mailing list.
>
>
>
> Just a comment for AppArmor for Karmic and earlier.
>
> --- security/apparmor/path.c ---
>> char *sysctl_pathname(struct ctl_table *table, char *buffer, int buflen)
>> {
>> 	if (buflen < 1)
>> 		return NULL;
>> 	buffer += --buflen;
>> 	*buffer = '\0';
>>
>> 	while (table) {
>> 		int namelen = strlen(table->procname);
>
> Eric W. Biederman is going to remove the table->ctl_name field. Thus, future
> versions will be safe to use table->procname without checking for NULL.
>
> But, for past versions, some out-of-tree kernel module might create a table
> with table->procname == NULL. Maybe AppArmor for Karmic and earlier should
> prepare for NULL because parse_table()'s loop condition allows NULL procname.
>
Thanks for pointing this out, Tetsuo.
