** Changed in: apparmor (Ubuntu)
   Importance: Low => Medium

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Triaged

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => Triaged

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/484786

Title:
  Better support for btrfs snapshots

Status in AppArmor Linux application security framework:
  Triaged
Status in "apparmor" package in Ubuntu:
  Triaged
Status in "linux" package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  I just realized that the btrfs snapshotting ioctl is usable by all
  users, not root as I previously assumed. This makes it concerningly
  easy for users on btrfs to defeat a path-based MAC framework like
  AppArmor.

  For example, consider the gdm-guest-session user. If I log into a
  gdm-guest-session on btrfs:

  (1) ls /home ==> Permission denied as expected, by AppArmor.
  (2) cd /tmp
  (3) btrfsctl -s test / (Make a snapshot of / in /tmp called test)
  (4) cd /tmp/test
  (5) Profit! AppArmor-unrestricted mirror of / in /tmp/test!

  As btrfs inevitably will become a mainstream filesystem, it's a good
  time to begin thinking about how to handle this situation.

--
Mailing list: https://launchpad.net/~kernel-packages
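The bug report above shows why a path-based policy can be sidestepped once a snapshot of a confined tree appears under a new path: the profile rules name the original paths, not the copies. Until a kernel- or policy-level fix exists, an administrator's practical recourse is to notice when subvolumes or snapshots turn up in places where ordinary users can create them. The following is an added audit script written for this note, not code from the bug report, AppArmor or the btrfs project. It parses the output of the real `btrfs subvolume list -a <mountpoint>` command (one `ID … gen … top level … path …` line per subvolume) and of `/proc/mounts`, and flags subvolume paths under a set of assumed user-writable prefixes (`tmp/`, `var/tmp/`, `home/`); the list of prefixes, the sample output and the mount table below are constructed for the example and should be adjusted to the host's layout.

```python
"""Audit helper: flag btrfs subvolumes/snapshots that live under directories
ordinary users can write to. Added example; not part of the original bug report."""
import re
import shutil
import subprocess
import sys

# One line of `btrfs subvolume list -a <mountpoint>` looks like:
#   ID 257 gen 120 top level 5 path tmp/test
# With -a, subvolumes that are not children of the top level are shown
# with a <FS_TREE>/ prefix, which we strip so the path is filesystem-relative.
SUBVOL_RE = re.compile(r"^ID (\d+) gen (\d+) top level (\d+) path (?:<FS_TREE>/)?(.+)$")

# Prefixes under which an unprivileged user could have created a snapshot.
# Assumed policy for this example; adjust to the host's subvolume layout.
SUSPECT_PREFIXES = ("tmp/", "var/tmp/", "home/")


def parse_subvolumes(listing):
    """Parse `btrfs subvolume list -a` output into dicts; ignore non-matching lines."""
    subvols = []
    for line in listing.splitlines():
        m = SUBVOL_RE.match(line.strip())
        if m:
            subvols.append({
                "id": int(m.group(1)),
                "gen": int(m.group(2)),
                "top_level": int(m.group(3)),
                "path": m.group(4),
            })
    return subvols


def suspicious_subvolumes(listing, prefixes=SUSPECT_PREFIXES):
    """Return paths of subvolumes that sit under a user-writable prefix."""
    return [s["path"] for s in parse_subvolumes(listing)
            if s["path"].startswith(prefixes)]


def btrfs_mountpoints(proc_mounts):
    """Return mountpoints whose filesystem type is btrfs, from /proc/mounts text."""
    mounts = []
    for line in proc_mounts.splitlines():
        fields = line.split()
        # /proc/mounts: device mountpoint fstype options dump pass
        if len(fields) >= 3 and fields[2] == "btrfs":
            mounts.append(fields[1])
    return mounts


# Constructed sample data standing in for live command output.
SAMPLE_LISTING = """\
ID 256 gen 118 top level 5 path var/lib/machines
ID 257 gen 120 top level 5 path tmp/test
ID 258 gen 121 top level 5 path <FS_TREE>/home/guest/snap
"""
SAMPLE_MOUNTS = """\
/dev/sda2 / btrfs rw,relatime,space_cache,subvolid=5,subvol=/ 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""


def audit_live():
    """Run the check against the running system (requires the btrfs tool and root)."""
    if shutil.which("btrfs") is None:
        print("btrfs tool not found", file=sys.stderr)
        return 2
    with open("/proc/mounts") as f:
        mounts = btrfs_mountpoints(f.read())
    hits = []
    for mp in mounts:
        out = subprocess.run(["btrfs", "subvolume", "list", "-a", mp],
                             capture_output=True, text=True, check=False).stdout
        hits += [f"{mp}: {p}" for p in suspicious_subvolumes(out)]
    for h in hits:
        print("suspicious subvolume:", h)
    return 1 if hits else 0


if __name__ == "__main__":
    if "--sample" in sys.argv:
        print("btrfs mounts:", btrfs_mountpoints(SAMPLE_MOUNTS))
        print("suspicious:", suspicious_subvolumes(SAMPLE_LISTING))
    else:
        sys.exit(audit_live())
```

Run it with `--sample` to see the parser work on the constructed data; without arguments it inspects the live system and exits non-zero when a subvolume is found under one of the assumed prefixes. A hit is only a signal that a confined tree may be reachable under a path the AppArmor profiles do not name; deleting or restricting the snapshot is a separate, site-specific decision.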