Public bug reported:
Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
For example, on Ubuntu 12.04 and 14.04 we have:
* ux does not scrub
* Ux does scrub
* ix does not scrub
but in 16.04 and later we have:
* ux does not scrub
* Ux does scrub
* ix does scrub # WRONG
I discussed this with jjohansen some time ago (just now filing the bug)
and we concluded that ix shouldn't scrub and the behavior change was
unintentional, but that this needed to be investigated.
Attached is a reproducer:
$ tar -zxvf ./reproducer.tar.gz
reproducer/
reproducer/test.sh
reproducer/driver.sh
reproducer/profile
$ cd reproducer && ./driver.sh
Loading apparmor profiles...
...
ix should scrub: FAIL: ix scrubs
Ux should scrub: PASS
ux should not scrub: PASS
FAIL
[1]
The separate reproducer is:
$ cat ./profile
#include <tunables/global>
profile aaexec-ix {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/perl>
/bin/dash ixr,
/bin/grep ixr,
/**/test.sh r,
@{PROC}/*/attr/exec rw,
change_profile -> unconfined,
/usr/{,s}bin/aa-exec ixr,
}
$ sudo apparmor_parser -r ./profile
$ export LD_LIBRARY_PATH=foo
Then on (at least) 4.4 and higher:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
[1]
$
and on (at least) 3.13 and below:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
LD_LIBRARY_PATH=foo
$
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: aa-kernel
** Attachment added: "reproducer.tar.gz"
https://bugs.launchpad.net/bugs/1759346/+attachment/5092595/+files/reproducer.tar.gz
** Description changed:
Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
For example, on Ubuntu 12.04 and 14.04 we have:
* ux does not scrub
* Ux does scrub
* ix does not scrub
but in 16.04 and later we have:
* ux does not scrub
* Ux does scrub
* ix does scrub # WRONG
I discussed this with jjohansen some time ago (just now filing the bug)
and we concluded that ix shouldn't scrub and the behavior change was
unintentional, but that this needed to be investigated.
Attached is a reproducer:
$ tar -zxvf ./reproducer.tar.gz
reproducer/
reproducer/test.sh
reproducer/driver.sh
reproducer/profile
+
$ cd reproducer && ./driver.sh
Loading apparmor profiles...
...
ix should scrub: FAIL: ix scrubs
Ux should scrub: PASS
ux should not scrub: PASS
FAIL
[1]
The separate reproducer is:
$ cat ./profile
#include <tunables/global>
profile aaexec-ix {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/perl>
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/perl>
- /bin/dash ixr,
- /bin/grep ixr,
- /**/test.sh r,
+ /bin/dash ixr,
+ /bin/grep ixr,
+ /**/test.sh r,
- @{PROC}/*/attr/exec rw,
- change_profile -> unconfined,
+ @{PROC}/*/attr/exec rw,
+ change_profile -> unconfined,
- /usr/{,s}bin/aa-exec ixr,
+ /usr/{,s}bin/aa-exec ixr,
}
$ sudo apparmor_parser -r ./profile
$ export LD_LIBRARY_PATH=foo
Then on (at least) 4.4 and higher:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
[1]
$
and on (at least) 3.13 and below:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
LD_LIBRARY_PATH=foo
$
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1759346
Title:
ix scrubs environment when it shouldn't
Status in apparmor package in Ubuntu:
New
Bug description:
Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
For example, on Ubuntu 12.04 and 14.04 we have:
* ux does not scrub
* Ux does scrub
* ix does not scrub
but in 16.04 and later we have:
* ux does not scrub
* Ux does scrub
* ix does scrub # WRONG
I discussed this with jjohansen some time ago (just now filing the
bug) and we concluded that ix shouldn't scrub and the behavior change
was unintentional, but that this needed to be investigated.
Attached is a reproducer:
$ tar -zxvf ./reproducer.tar.gz
reproducer/
reproducer/test.sh
reproducer/driver.sh
reproducer/profile
$ cd reproducer && ./driver.sh
Loading apparmor profiles...
...
ix should scrub: FAIL: ix scrubs
Ux should scrub: PASS
ux should not scrub: PASS
FAIL
[1]
The separate reproducer is:
$ cat ./profile
#include <tunables/global>
profile aaexec-ix {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/perl>
/bin/dash ixr,
/bin/grep ixr,
/**/test.sh r,
@{PROC}/*/attr/exec rw,
change_profile -> unconfined,
/usr/{,s}bin/aa-exec ixr,
}
$ sudo apparmor_parser -r ./profile
$ export LD_LIBRARY_PATH=foo
Then on (at least) 4.4 and higher:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
[1]
$
and on (at least) 3.13 and below:
$ aa-exec -p aaexec-ix -- ./test.sh | grep foo
LD_LIBRARY_PATH=foo
$
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1759346/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
