On Thu, Jan 12, 2012 at 6:12 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> With this set, a lot of dangerous operations (chroot, unshare, etc)
> become a lot less dangerous because there is no possibility of
> subverting privileged binaries.
>
> This patch completely breaks apparmor. Someone who understands (and
> uses) apparmor should fix it or at least give me a hint.
>
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> [....]
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c > index c1e18ba..7f480b7 100644 > --- a/security/apparmor/domain.c > +++ b/security/apparmor/domain.c > @@ -360,6 +360,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) > if (bprm->cred_prepared) > return 0; > > + /* XXX: someone who understands apparmor needs to fix this. */ > + BUG_ON(bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); > + > cxt = bprm->cred->security; > BUG_ON(!cxt); >

Since apparmor_bprm_set_creds() calls cap_bprm_set_creds() already[1], I
think AppArmor needs no changes at all, but John will know better. :)

-Kees

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob;f=security/apparmor/domain.c;h=c1e18ba5bdc09c65d259ad4bd9f374ef04dffd2f;hb=HEAD#l356

--
Kees Cook
ChromeOS Security
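Review bot: the added `BUG_ON(bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);` in apparmor_bprm_set_creds() makes every exec that carries this flag hit a kernel BUG instead of failing cleanly, so with AppArmor built in, setting the flag becomes a way to crash the exec path rather than a restriction. If the intent is only to mark unfinished work, return an error from the hook at this point (for example -EPERM) or skip the profile transition while the flag is set, so the failure stays confined to the calling task. The `/* XXX: ... */` comment should also say which AppArmor behaviour is expected under LSM_UNSAFE_NO_NEW_PRIVS (no domain transition, or only transitions that do not add privilege), since the check sits before `cxt = bprm->cred->security;` and nothing in the hunk records what the eventual fix has to preserve.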