mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Christian Boltz bc492533cc
Fix aa-mergeprof crash caused by accidentially initialzed hat 
Hasher causes some fun in aa-mergeprof: If the profile in
/etc/apparmor.d/ has a hat or subprofile that doesn't exist in the
to-be-merged profile, aa-mergeprof crashes. This is caused by reading
self.other.aa[program][hat]['include'] which accidently "creates" that
profile inside the aa hasher as empty hasher (instead of ProfileStorage).

Later, the code loops over self.other.aa[profile].keys(), expects
everything to be ProfileStorage, and explodes [1] when for example
trying to run .delete_duplicates on the hasher (which obviously doesn't
provide this method).

This patch adds checks to all self.other.aa accesses in
CleanProf.remove_duplicate_rules() to avoid accidently creating new keys
in the hasher.

Interestingly this bug survived unnoticed for years (at least since
2.11).

[1] last lines of the backtrace:
  File ".../utils/apparmor/cleanprofile.py", line 42, in compare_profiles
    deleted += self.remove_duplicate_rules(profile)
  File ".../utils/apparmor/cleanprofile.py", line 65, in remove_duplicate_rules
    deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
  File ".../utils/apparmor/aa.py", line 1680, in delete_duplicates
    deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
AttributeError: 'collections.defaultdict' object has no attribute 'delete_duplicates'
2018-10-11 19:49:26 +02:00
..
apparmor Fix aa-mergeprof crash caused by accidentially initialzed hat 2018-10-11 19:49:26 +02:00
easyprof
po translations: sync from launchpad translations 2018-04-15 06:54:44 -07:00
test Merge branch 'cboltz-log-to-profile-empty' into 'master' 2018-10-03 06:47:21 +00:00
vim all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-audit Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-audit.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-autodep Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-autodep.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-cleanprof drop dead code from tools.py 2017-06-26 21:27:06 +02:00
aa-cleanprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-complain Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-complain.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-decode aa-decode: add the ability to support PROCTITLE string 2017-12-24 00:22:24 -08:00
aa-decode.pod
aa-disable Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-disable.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-easyprof Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-easyprof.pod utils: Add option to aa-easyprof to specify the apparmor_parser path 2017-03-02 21:24:05 +00:00
aa-enforce Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-enforce.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-genprof utils: Point to the correct Profiles wiki page 2018-09-13 16:46:10 +00:00
aa-genprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-logprof json support for logprof and genprof 2017-06-15 18:22:43 +02:00
aa-logprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-mergeprof fix serialize_profile() calls to always use a dict for options 2018-06-25 21:42:29 +02:00
aa-mergeprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-notify aa-notify: Read user's configuration file from XDG_CONFIG_HOME 2018-10-03 12:38:28 +03:00
aa-notify.pod Update man page and default configuration for notify.conf 2018-02-26 14:43:19 +11:00
aa-remove-unknown Don't print a literal '\n' in aa-remove-unknown help 2017-12-01 00:26:56 +01:00
aa-remove-unknown.pod utils: Add aa-remove-unknown utility to unload unknown profiles 2017-03-24 05:08:01 +00:00
aa-sandbox Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-sandbox.pod
aa-status aa-status: split profile from exec name 2018-03-01 14:17:57 -08:00
aa-status.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-unconfined utils: Require apparmor.aa users to call init_aa() 2017-03-02 21:21:53 +00:00
aa-unconfined.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
check_po.pl Ignore untranslated texts in check_po.pl 2017-11-27 23:47:52 +01:00
logprof.conf add zsh to logprof.conf 2018-09-24 16:51:11 +00:00
logprof.conf.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
Makefile utils: Add aa-remove-unknown utility to unload unknown profiles 2017-03-24 05:08:01 +00:00
notify.conf comment out use_group to remove group restrictions 2018-03-18 19:56:29 +01:00
python-tools-setup.py utils: stop rewriting shbang lines in setup script 2017-10-26 00:52:31 -07:00
README.md
severity.db

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.