summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2012-03-27 04:14:33 -0700
committerJames Morris <james.l.morris@oracle.com>2012-03-28 01:00:05 +1100
commit0421ea91ddc7895a5a68d3bc670ed4b8e6448a42 (patch)
tree409b065611770dc4b69df1bb80100e001d52c36c
parente22057c8599373e5caef0bc42bdb95d2a361ab0d (diff)
downloadlwn-0421ea91ddc7895a5a68d3bc670ed4b8e6448a42.tar.gz
lwn-0421ea91ddc7895a5a68d3bc670ed4b8e6448a42.zip
apparmor: Fix change_onexec when called from a confined task
Fix failure in aa_change_onexec api when the request is made from a confined task. This failure was caused by two problems The AA_MAY_ONEXEC perm was not being mapped correctly for this case. The executable name was being checked as second time instead of using the requested onexec profile name, which may not be the same as the exec profile name. This mistake can not be exploited to grant extra permission because of the above flaw where the ONEXEC permission was not being mapped so it will not be granted. BugLink: http://bugs.launchpad.net/bugs/963756 Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r--security/apparmor/domain.c3
-rw-r--r--security/apparmor/file.c2
2 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 7c69599a69e1..6327685c101e 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -410,7 +410,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
* exec\0change_profile
*/
state = aa_dfa_null_transition(profile->file.dfa, state);
- cp = change_profile_perms(profile, cxt->onexec->ns, name,
+ cp = change_profile_perms(profile, cxt->onexec->ns,
+ cxt->onexec->base.name,
AA_MAY_ONEXEC, state);
if (!(cp.allow & AA_MAY_ONEXEC))
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 3022c0f4f0db..5d176f2530c9 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -215,6 +215,8 @@ static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
/* change_profile wasn't determined by ownership in old mapping */
if (ACCEPT_TABLE(dfa)[state] & 0x80000000)
perms.allow |= AA_MAY_CHANGE_PROFILE;
+ if (ACCEPT_TABLE(dfa)[state] & 0x40000000)
+ perms.allow |= AA_MAY_ONEXEC;
return perms;
}