https://bugzilla.novell.com/show_bug.cgi?id=296637 Summary: apparmor-dbus falls over if audit message contains char 0x80 Product: openSUSE 10.3 Version: Alpha 7 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: mbarringer@novell.com ReportedBy: sbeattie@novell.com QAContact: dreynolds@novell.com Found By: --- the apparmor-dbus audit dispatcher falls over if the character 0x80 is included in an audit message.
From an strace of apparmor-dbus while running i18n.sh of the apparmor regression test:
readv(3, [{"\0\0\0\0\20\0\0\0\334\5\0\0\360\0\0\0", 16}, {"audit(1185997497.772:6148): REJE"..., 8460}], 2) = 256 writev(5, [{"l\4\1\1\30\2\0\0\177\0\0\0e\0\0\0\1\1o\0\24\0\0\0/com/"..., 120}, {"\360\0\0\0audit(1185997497.772:6148): "..., 536}], 2) = 656 select(4, [3], NULL, NULL, {1, 0}) = 1 (in [3], left {0, 728000}) readv(3, [{"\0\0\0\0\20\0\0\0\334\5\0\0\360\0\0\0", 16}, {"audit(1185997498.044:6149): REJE"..., 8460}], 2) = 256 writev(5, [{"l\4\1\1\30\2\0\0\200\0\0\0e\0\0\0\1\1o\0\24\0\0\0/com/"..., 120}, {"\360\0\0\0audit(1185997498.044:6149): "..., 536}], 2) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) @ 0 (0) --- close(5) = 0 select(4, [3], NULL, NULL, {1, 0}) = 1 (in [3], left {0, 744000}) readv(3, [{"\0\0\0\0\20\0\0\0\334\5\0\0\360\0\0\0", 16}, {"audit(1185997498.300:6150): REJE"..., 8460}], 2) = 256 select(4, [3], NULL, NULL, {1, 0}) = 1 (in [3], left {0, 744000}) readv(3, [{"\0\0\0\0\20\0\0\0\334\5\0\0\360\0\0\0", 16}, {"audit(1185997498.556:6151): REJE"..., 8460}], 2) = 256 select(4, [3], NULL, NULL, {1, 0}) = 1 (in [3], left {0, 700000}) readv(3, [{"\0\0\0\0\20\0\0\0\334\5\0\0\360\0\0\0", 16}, {"audit(1185997498.856:6152): REJE"..., 8460}], 2) = 256 select(4, [3], NULL, NULL, {1, 0}) = 1 (in [3], left {0, 580000}) [...] The corresponding rejections in the audit log are: type=APPARMOR msg=audit(1185997496.916:6145): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_|_ post (open(3486) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997497.164:6146): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_}_ post (open(3563) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997497.468:6147): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_~_ post (open(3641) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997497.772:6148): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_�_ post (open(3717) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997498.044:6149): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_�_ post (open(3793) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997498.300:6150): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_�_ post (open(3872) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997498.556:6151): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_�_ post (open(3949) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) type=APPARMOR msg=audit(1185997498.856:6152): REJECTING r access to /tmp/sdtest.26521-10223-k26530/file_�_ post (open(4028) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/open active /home/steve/sv n/trunk-forge/tests/regression/subdomain/open) Note that rejection :6149 is two after :6147 which is on the "~" character, aka 0x7e. i18n.sh just iterates over chars 0-255. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.