** Changed in: apparmor (Ubuntu)
Assignee: Michael (pinky999) => (unassigned)
** Changed in: apparmor (Ubuntu RTM)
Assignee: Michael (pinky999) => (unassigned)
** Changed in: media-hub (Ubuntu RTM)
Assignee: Michael (pinky999) => (unassigned)
--
You received this bug
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Michael (pinky999)
** Changed in: apparmor (Ubuntu RTM)
Assignee: (unassigned) => Michael (pinky999)
** Changed in: media-hub (Ubuntu RTM)
Assignee: (unassigned) => Michael (pinky999)
--
** Also affects: media-hub (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Also affects: media-hub (Ubuntu RTM)
Importance: Undecided
Status: New
** No longer affects: media-hub
** Changed in:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mediascanner2 (Ubuntu)
Status: New => Confirmed
--
** Project changed: mediascanner2 => mediascanner2 (Ubuntu)
--
https://bugs.launchpad.net/bugs/1381713
Title:
Support policy query interface for file
** Branch linked: lp:ubuntu/wily-proposed/thumbnailer
--
** Changed in: thumbnailer
Status: Fix Committed => Fix Released
--
** Changed in: thumbnailer
Status: In Progress => Fix Committed
--
Foot in mouth. Bug in our code. Have unmarked this from critical.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: apparmor (Ubuntu)
Importance: Critical => High
** Changed in: thumbnailer
Status: Fix Committed => In Progress
--
We're in the process of trying to land these changes for thumbnailer,
and have been noticing problems with the music-app: we are getting
denials from aa_query_label for files under ~/Music. For example:
$ ./query_file com.ubuntu.music_music_2.1.867
/home/phablet/Music/10-amarillo.mp3
Marking this as critical because it's a showstopper bug: with this bug
present, the music app shows nothing but no artwork thumbnails.
We considered skipping the security check in the thumbnailer to work
around this, but that's not an option: without the security check, any
app can go and ship
It seems this was a transcription problem when I converted the code to
C++, so never mind.
--
What is the return code for the failure, and is there a message logged
in dmesg?
--
It is analogous to access, however the set of races is smaller. Only the
privileged MAC admin user can change the policy, where with access a
user may change a files permissions. If you are using this to test
whether you can open a file, in hopes that open() won't deny it, then
yes this is similar
One thing that comes to mind is that any check that doesn't actually
carry out the intended action (such as opening a file) is subject to
race conditions. Ideally, what I would like to say is open this file
for me as if I had the following privileges. As is, I think all I can
say is would I be
Fix committed into lp:thumbnailer/devel at revision 219, scheduled for
release in thumbnailer, milestone Unknown
--
** Branch linked: lp:~jamesh/thumbnailer/aa-access-fix
--
Re: your symlink question. AppArmor is returning permissions regarding
reading the symlink itself, which is a precursor to traversing the
symlink to the file it is pointing at.
--
Okay, we've been experimenting with this in the thumbnailer, and will
look to roll it out in the next landing. The first branch adds code
that calls GetConnectionCredentials() to determine the peer's AppArmor
label, while the second one adds aa_query_label based security checks
based on the
Fix committed into lp:thumbnailer/devel at revision 218, scheduled for
release in thumbnailer, milestone Unknown
** Changed in: thumbnailer
Status: In Progress => Fix Committed
--
** Branch linked: lp:~jamesh/thumbnailer/dbus-aa-credentials
** Branch linked: lp:~jamesh/thumbnailer/use-aa-query-label
--
1. Yes and no. Ideally we would have an aa_query function that accepted
an open file descriptor. That isn't available right now but should be
down the road.
access(2) is more racy, IMO, because unprivileged attackers can modify
file permissions and fool programs doing the access() - open() dance.
It is worth noting that the upcoming apparmor 2.10 release will have
helper functions (aa_query_file_path and aa_query_file_path_len) that
make it easier to query permissions for a file path.
http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3081
--
So I gave (2) by creating a symlink in a folder that a particular
profile could access to a file in a folder it didn't have access to.
The query_file utility attached to this bug said I was allowed access to
the symlink.
So I think we need a bit more guidance on how to use this interface
This technique looks quite promising. I have a few questions though:
1. if I do the aa_query_label() check followed by an open() call to read
it, am I open to the same race conditions as if I was relying on
access() to check permissions?
2. if the given path is a symlink, am I checking for
Attached is an example program that builds a file query string.
to build
gcc -o query_file query_file.c -l apparmor
to use
query_file profile_name file1 file2 file3 ...
eg.
./query_file firefox /tmp /tmp/
read '/tmp' denied
read '/tmp/' allowed
** Attachment added: example program
Note: specifying a profile name that doesn't exist will result in an
error like
./query_file badprofile /tmp /tmp/
read '/tmp' error: No such file or directory
read '/tmp/' error: No such file or directory
the apparmor query interface will not tell you if the file being queried does
not exist,
This ability was introduced in the utopic kernel.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
--
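The query layout behind the attached query_file.c and the allow/audit decision made on the kernel's reply, as an added example (not the program attached to this bug and not libapparmor's own code). The constant values and the decision rule are assumptions mirroring sys/apparmor.h and libapparmor, and the .access reply is constructed inline so the code runs without AppArmor or -lapparmor.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local mirrors of the sys/apparmor.h constants (assumed values); with libapparmor
 * the buffer built below would be handed to aa_query_label() instead. */
#define AA_MAY_WRITE (1 << 1)
#define AA_MAY_READ  (1 << 2)
#define AA_CLASS_FILE 2
#define AA_QUERY_CMD_LABEL "label"
#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)  /* 6, NUL included */

/* Query layout as in query_file.c: "label\0" <label> "\0" <class byte> <path> */
char *build_file_query(const char *label, const char *path, size_t *size)
{
    size_t llen = strlen(label), plen = strlen(path), off = AA_QUERY_CMD_LABEL_SIZE;
    char *q = malloc(off + llen + 2 + plen);   /* no trailing NUL is sent */
    if (!q) return NULL;
    memcpy(q, AA_QUERY_CMD_LABEL, off);
    memcpy(q + off, label, llen);
    off += llen;
    q[off++] = '\0';                           /* terminates the label */
    q[off++] = AA_CLASS_FILE;                  /* selects the file permission class */
    memcpy(q + off, path, plen);
    *size = off + plen;
    return q;
}

/* Reduce the kernel's .access reply to allowed/audited with the rule libapparmor is
 * assumed to use: every requested bit must be granted, and a denial counts as
 * audited when the requested bits fall in audit|deny. Returns -1 on a malformed reply. */
int decide(unsigned mask, const char *reply, int *allowed, int *audited)
{
    unsigned allow, deny, audit, quiet;
    if (sscanf(reply, "allow 0x%x\ndeny 0x%x\naudit 0x%x\nquiet 0x%x\n",
               &allow, &deny, &audit, &quiet) != 4)
        return -1;
    *allowed = (mask & ~allow) ? 0 : 1;
    if (!*allowed) audit |= deny;
    *audited = (mask & ~audit) ? 0 : 1;
    return 0;
}

int main(void)
{
    size_t n; int allowed, audited;
    char *q = build_file_query("firefox", "/tmp/", &n);   /* constructed input */
    /* constructed reply: read granted, write explicitly denied */
    decide(AA_MAY_READ | AA_MAY_WRITE, "allow 0x4\ndeny 0x2\naudit 0x0\nquiet 0x0\n", &allowed, &audited);
    printf("%zu-byte query; read+write %s\n", n, allowed ? "allowed" : "denied");
    free(q); return 0;
}
```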
updated query_file.c example to fix a stupid bug
** Attachment added: query_file.c
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1381713/+attachment/4405801/+files/query_file.c
--
Adding media-hub, mediascanner2 and thumbnailer to this bug since there
is now a way to query apparmor for file access instead of having to
hardcode APP_IDs (see the attached files). This query interface will
improve going forward, but this should be able to clean up the code for
various trusted
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--