[apparmor] [patch] Ignore ptrace log events without denied_mask

Fri, 19 May 2017 14:26:08 -0700 

Hello,

$subject.
This fixes a crash in the tools.

Reported by peetaur on IRC.


I propose this patch for trunk and 2.11.


[ 01-logparser-ignore-ptrace-without-denied_mask.diff ]

--- utils/apparmor/logparser.py 2017-05-19 23:14:20.278362000 +0200
+++ utils/apparmor/logparser.py 2017-05-19 23:16:23.854422934 +0200
@@ -348,6 +348,9 @@
             if not e['peer']:
                 self.debug_logger.debug('ignored garbage ptrace event with 
empty peer')
                 return None
+            if not e['denied_mask']:
+                self.debug_logger.debug('ignored garbage ptrace event with 
empty denied_mask')
+                return None
 
             return(e['pid'], e['parent'], 'ptrace',
                              [profile, hat, prog, aamode, e['denied_mask'], 
e['peer']])
=== added file 
'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.err'
=== added file 
'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 
1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 
2017-05-19 19:45:51 +0000
@@ -0,0 +1,1 @@
+type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" 
profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"

=== added file 
'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        
1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        
2017-05-19 19:46:03 +0000
@@ -0,0 +1,11 @@
+START
+File: ptrace_1.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1495217772.047:4471
+Operation: ptrace
+Profile: /usr/bin/pidgin
+Peer: unconfined
+Command: pidgin
+PID: 21704
+Epoch: 1495217772
+Audit subid: 4471

=== added file 
'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile'
--- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    
1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    
2017-05-19 21:09:24 +0000
@@ -0,0 +1,2 @@
+/usr/bin/pidgin {
+}



Regards,

Christian Boltz
-- 
Persönliche Daten sind wie Plutonium.
Wenn zuviele davon auf einem Haufen liegen, wird es kritisch.
[Dirk Engeling, CCC]

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to