diff options
author | John Johansen <john.johansen@canonical.com> | 2012-03-27 04:14:33 -0700 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-03-28 01:00:05 +1100 |
commit | 0421ea91ddc7895a5a68d3bc670ed4b8e6448a42 (patch) | |
tree | 409b065611770dc4b69df1bb80100e001d52c36c /security/apparmor/domain.c | |
parent | e22057c8599373e5caef0bc42bdb95d2a361ab0d (diff) |
apparmor: Fix change_onexec when called from a confined task
Fix failure in aa_change_onexec api when the request is made from a confined
task. This failure was caused by two problems
The AA_MAY_ONEXEC perm was not being mapped correctly for this case.
The executable name was being checked as second time instead of using the
requested onexec profile name, which may not be the same as the exec
profile name. This mistake can not be exploited to grant extra permission
because of the above flaw where the ONEXEC permission was not being mapped
so it will not be granted.
BugLink: http://bugs.launchpad.net/bugs/963756
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r-- | security/apparmor/domain.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 7c69599a69e..6327685c101 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -410,7 +410,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) * exec\0change_profile */ state = aa_dfa_null_transition(profile->file.dfa, state); - cp = change_profile_perms(profile, cxt->onexec->ns, name, + cp = change_profile_perms(profile, cxt->onexec->ns, + cxt->onexec->base.name, AA_MAY_ONEXEC, state); if (!(cp.allow & AA_MAY_ONEXEC)) |