** Changed in: apparmor (Ubuntu)
Assignee: Michael (pinky999) => (unassigned)
** Changed in: apparmor (Ubuntu RTM)
Assignee: Michael (pinky999) => (unassigned)
** Changed in: media-hub (Ubuntu RTM)
Assignee: Michael (pinky999) => (unassigned)
--
You received this bug notification
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Michael (pinky999)
** Changed in: apparmor (Ubuntu RTM)
Assignee: (unassigned) => Michael (pinky999)
** Changed in: media-hub (Ubuntu RTM)
Assignee: (unassigned) => Michael (pinky999)
--
** Also affects: media-hub (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Also affects: media-hub (Ubuntu RTM)
Importance: Undecided
Status: New
** No longer affects: media-hub
** Changed in: m
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mediascanner2 (Ubuntu)
Status: New => Confirmed
--
** Project changed: mediascanner2 => mediascanner2 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1381713
Title:
Support policy query interface for file
** Changed in: thumbnailer
Status: Fix Committed => Fix Released
--
** Branch linked: lp:ubuntu/wily-proposed/thumbnailer
--
** Changed in: thumbnailer
Status: In Progress => Fix Committed
--
Foot in mouth. Bug in our code. Have unmarked this from critical.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: apparmor (Ubuntu)
Importance: Critical => High
** Changed in: thumbnailer
Status: Fix Committed => In Progress
--
It seems this was a transcription problem when I converted the code to
C++, so never mind.
--
Marking this as critical because it's a showstopper bug: with this bug
present, the music app shows nothing but "no artwork" thumbnails.
We considered skipping the security check in the thumbnailer to work
around this, but that's not an option: without the security check, any
app can go and ship o
What is the return code for the failure, and is there a message logged
in dmesg?
--
We're in the process of trying to land these changes for thumbnailer,
and have been noticing problems with the music-app: we are getting
denials from aa_query_label for files under ~/Music. For example:
$ ./query_file com.ubuntu.music_music_2.1.867
/home/phablet/Music/10-amarillo.mp3
re
It is analogous to access, however the set of races is smaller. Only the
privileged MAC admin user can change the policy, whereas with access a
user may change a file's permissions. If you are using this to test
whether you can open a file, in hopes that open() won't deny it, then
yes this is similar
One thing that comes to mind is that any check that doesn't actually
carry out the intended action (such as opening a file) is subject to
race conditions. Ideally, what I would like to say is "open this file
for me as if I had the following privileges". As is, I think all I can
say is "would I be
Fix committed into lp:thumbnailer/devel at revision 219, scheduled for
release in thumbnailer, milestone Unknown
--
** Branch linked: lp:~jamesh/thumbnailer/aa-access-fix
--
Fix committed into lp:thumbnailer/devel at revision 218, scheduled for
release in thumbnailer, milestone Unknown
** Changed in: thumbnailer
Status: In Progress => Fix Committed
--
Re: your symlink question. AppArmor is returning permissions regarding
reading the symlink itself, which is a precursor to traversing the
symlink to the file it is pointing at.
--
Okay, we've been experimenting with this in the thumbnailer, and will
look to roll it out in the next landing. The first branch adds code
that calls GetConnectionCredentials() to determine the peer's AppArmor
label, while the second one adds aa_query_label based security checks
based on the label.
** Branch linked: lp:~jamesh/thumbnailer/dbus-aa-credentials
** Branch linked: lp:~jamesh/thumbnailer/use-aa-query-label
--
So I gave (2) a try by creating a symlink, in a folder that a particular
profile could access, to a file in a folder it didn't have access to.
The query_file utility attached to this bug said I was allowed access to
the symlink.
So I think we need a bit more guidance on how to use this interface
safely.
1. Yes and no. Ideally we would have an aa_query function that accepted
an open file descriptor. That isn't available right now but should be
down the road.
access(2) is more racy, IMO, because unprivileged attackers can modify
file permissions and fool programs doing the access() -> open() dance.
It is worth noting that the upcoming apparmor 2.10 release will have
helper functions (aa_query_file_path and aa_query_file_path_len) that
make it easier to query permissions for a file path.
http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3081
--
This technique looks quite promising. I have a few questions though:
1. if I do the aa_query_label() check followed by an open() call to read
it, am I open to the same race conditions as if I was relying on
access() to check permissions?
2. if the given path is a symlink, am I checking for permi
Adding media-hub, mediascanner2 and thumbnailer to this bug since there
is now a way to query apparmor for file access instead of having to
hardcode APP_IDs (see the attached files). This query interface will
improve going forward, but this should be able to clean up the code for
various trusted he
updated query_file.c example to fix a stupid bug
** Attachment added: "query_file.c"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1381713/+attachment/4405801/+files/query_file.c
--
Attached is an example program that builds a file query string.
to build
gcc -o query_file query_file.c -l apparmor
to use
query_file file1 file2 file3 ...
e.g.
> ./query_file firefox /tmp /tmp/
read '/tmp' denied
read '/tmp/' allowed
** Attachment added: "example program querying fi
Note: specifying a profile name that doesn't exist will result in an
error like
./query_file badprofile /tmp /tmp/
read '/tmp' error: No such file or directory
read '/tmp/' error: No such file or directory
the apparmor query interface will not tell you if the file being queried does
not exist,
This ability was introduced in the utopic kernel.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
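As an added example (not the query_file.c attached to this bug, nor thumbnailer code), the same read check done with the aa_query_file_path() helper that apparmor 2.10 introduces, called through Python's ctypes. The libapparmor binding, the check_read helper and the decision() formatting are assumptions; the unknown-profile (ENOENT) and symlink behaviour follow what is stated in this thread.

```python
"""Query AppArmor file permissions for a label via libapparmor's
aa_query_file_path() (apparmor >= 2.10), in the spirit of query_file.c."""
import ctypes
import errno
import os
import sys

# Permission bits of the file mediation class, as defined in <sys/apparmor.h>.
AA_MAY_EXEC, AA_MAY_WRITE, AA_MAY_READ, AA_MAY_APPEND = 1, 2, 4, 8


def decision(rc, allowed, audited, err=0):
    """Render aa_query_file_path() results the way query_file.c prints them.

    rc == 0 means the query ran and allowed/audited are meaningful; rc == -1
    means the query itself failed and err (errno) says why. ENOENT refers to
    the label: the kernel never checks that the queried path exists, so a
    missing file still yields a plain allowed/denied answer.
    """
    if rc != 0:
        if err == errno.ENOENT:
            return "error: No such file or directory (unknown label)"
        return "error: " + os.strerror(err)
    return ("allowed" if allowed else "denied") + (" (audited)" if audited else "")


def query_file(label, path, mask=AA_MAY_READ):
    """Ask the kernel whether `label` may perform `mask` on `path`.

    The answer is about the name as given: for a symlink it describes the
    link itself, not its target, and like any check-then-open pattern it is
    only a snapshot of policy at query time.
    """
    lib = ctypes.CDLL("libapparmor.so.1", use_errno=True)  # assumed installed
    allowed, audited = ctypes.c_int(), ctypes.c_int()
    rc = lib.aa_query_file_path(ctypes.c_uint32(mask), label.encode(),
                                os.fsencode(path), ctypes.byref(allowed),
                                ctypes.byref(audited))
    return decision(rc, allowed.value, audited.value, ctypes.get_errno())


def check_read(label, path):
    """Query the path as given and, if it is a symlink, its resolved target."""
    results = {path: query_file(label, path)}
    real = os.path.realpath(path)
    if real != path:
        results[real] = query_file(label, real)
    return results


if __name__ == "__main__":  # usage: aa_query.py <label> file1 file2 ...
    for p in sys.argv[2:]:
        for name, verdict in check_read(sys.argv[1], p).items():
            print("read '%s' %s" % (name, verdict))
```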
--
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--