Comment 6 for bug 475619

Richard Lee (rawk) wrote : Re: [Bug 475619] Re: apparmor kernel null dereference when profile is removed after set to complain

Thanks! I am setting up an amd64 machine to test the immediate fix and will
update. I will test with the empathy setup and update the bug by afternoon today.

On Fri, Nov 6, 2009 at 10:22 AM, Kees Cook <email address hidden> wrote:

> I can confirm that this fixes it for me. Thanks! My test was:
>
> bug.c:
> #include <stdio.h>
> #include <stdlib.h>   /* system() */
> #include <unistd.h>
>
> int main()
> {
>     printf("Started\n");
>     system("./child");
>     printf("Finished\n");
>     return 0;
> }
>
> child.c:
> #include <stdio.h>
> #include <stdlib.h>   /* system() */
> #include <unistd.h>   /* sleep() */
>
> int main()
> {
>     printf("Started child\n");
>     sleep(10);
>     system("cat /etc/motd");
>     printf("Finished child\n");
>     return 0;
> }
>
> /etc/apparmor.d/home.kees.bug:
> #include <tunables/global>
> /home/kees/bug flags=(complain) {
>   #include <abstractions/base>
> }
>
> $ sudo aa-complain bug
> $ ./bug & sleep 2; sudo /sbin/apparmor_parser -R /etc/apparmor.d/*bug
>
> --
> apparmor kernel null dereference when profile is removed after set to
> complain
> https://bugs.launchpad.net/bugs/475619
>
> Status in “apparmor” package in Ubuntu: New
>
> Bug description:
> Binary package hint: apparmor
>
> Description: Ubuntu 9.10
> Release: 9.10
> Package: apparmor
> System: Linux tehcomputer 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16
> 14:05:01 UTC 2009 x86_64 GNU/Linux
>
> The following will cause a null dereference and a "kernel oops".
>
> Steps:
> 1. Generate an apparmor profile for empathy (I can send my apparmor profile
> via email)
> 2. Make sure empathy can load and no messages are reported in audit.
> (Make sure gnome-help isn't allowed to execute by keeping it absent from
> the apparmor profile)
> 3. Enforce the empathy apparmor profile
> 4. Load empathy until empathy UI opens
> 5. Set empathy profile to complain
> 6. In empathy, click Help->Contents
> 7. Verify that audit is sending out complain messages as gnome-help opens
> with empathy help contents
> 8. Run apparmor_parser -R /etc/init.d/usr.bin.empathy
>
> Result:
> 1. Nov 4 16:47:21 tehcomputer kern: [76781.229046] BUG: unable to handle
> kernel NULL pointer dereference at 0000000000000068
>