1. 22 Mar, 2018 1 commit
    • John Johansen's avatar
      apparmor: Make path_max parameter readonly · d55a55bc
      John Johansen authored
      
      [ Upstream commit 622f6e32 ]
      
      The path_max parameter determines the max size of buffers allocated
      but it should  not be setable at run time. If can be used to cause an
      oops
      
      root@ubuntu:~# echo 16777216 > /sys/module/apparmor/parameters/path_max
      root@ubuntu:~# cat /sys/module/apparmor/parameters/path_max
      Killed
      
      [  122.141911] BUG: unable to handle kernel paging request at ffff880080945fff
      [  122.143497] IP: [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.144742] PGD 220c067 PUD 0
      [  122.145453] Oops: 0002 [#1] SMP
      [  122.146204] Modules linked in: vmw_vsock_vmci_transport vsock ppdev vmw_balloon snd_ens1371 btusb snd_ac97_codec gameport snd_rawmidi btrtl snd_seq_device ac97_bus btbcm btintel snd_pcm input_leds bluetooth snd_timer snd joydev soundcore serio_raw coretemp shpchp nfit parport_pc i2c_piix4 8250_fintek vmw_vmci parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd vmwgfx psmouse mptspi ttm mptscsih drm_kms_helper mptbase syscopyarea scsi_transport_spi sysfillrect
      [  122.163365]  ahci sysimgblt e1000 fb_sys_fops libahci drm pata_acpi fjes
      [  122.164747] CPU: 3 PID: 1501 Comm: bash Not tainted 4.4.0-59-generic #80-Ubuntu
      [  122.166250] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
      [  122.168611] task: ffff88003496aa00 ti: ffff880076474000 task.ti: ffff880076474000
      [  122.170018] RIP: 0010:[<ffffffff81228844>]  [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.171525] RSP: 0018:ffff880076477b90  EFLAGS: 00010206
      [  122.172462] RAX: ffff880080945fff RBX: 0000000000000000 RCX: 0000000001000000
      [  122.173709] RDX: 0000000000ffffff RSI: ffff880080946000 RDI: ffff8800348a1010
      [  122.174978] RBP: ffff880076477bb8 R08: ffff880076477c80 R09: 0000000000000000
      [  122.176227] R10: 00007ffffffff000 R11: ffff88007f946000 R12: ffff88007f946000
      [  122.177496] R13: ffff880076477c80 R14: ffff8800348a1010 R15: ffff8800348a2400
      [  122.178745] FS:  00007fd459eb4700(0000) GS:ffff88007b6c0000(0000) knlGS:0000000000000000
      [  122.180176] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  122.181186] CR2: ffff880080945fff CR3: 0000000073422000 CR4: 00000000001406e0
      [  122.182469] Stack:
      [  122.182843]  00ffffff00000001 ffff880080946000 0000000000000000 0000000000000000
      [  122.184409]  00000000570f789c ffff880076477c30 ffffffff81385671 ffff88007a2e7a58
      [  122.185810]  0000000000000000 ffff880076477c88 01000000008a1000 0000000000000000
      [  122.187231] Call Trace:
      [  122.187680]  [<ffffffff81385671>] aa_path_name+0x81/0x370
      [  122.188637]  [<ffffffff813875dd>] profile_transition+0xbd/0xb80
      [  122.190181]  [<ffffffff811af9bc>] ? zone_statistics+0x7c/0xa0
      [  122.191674]  [<ffffffff81389b20>] apparmor_bprm_set_creds+0x9b0/0xac0
      [  122.193288]  [<ffffffff812e1971>] ? ext4_xattr_get+0x81/0x220
      [  122.194793]  [<ffffffff812e800c>] ? ext4_xattr_security_get+0x1c/0x30
      [  122.196392]  [<ffffffff813449b9>] ? get_vfs_caps_from_disk+0x69/0x110
      [  122.198004]  [<ffffffff81232d4f>] ? mnt_may_suid+0x3f/0x50
      [  122.199737]  [<ffffffff81344b03>] ? cap_bprm_set_creds+0xa3/0x600
      [  122.201377]  [<ffffffff81346e53>] security_bprm_set_creds+0x33/0x50
      [  122.203024]  [<ffffffff81214ce5>] prepare_binprm+0x85/0x190
      [  122.204515]  [<ffffffff81216545>] do_execveat_common.isra.33+0x485/0x710
      [  122.206200]  [<ffffffff81216a6a>] SyS_execve+0x3a/0x50
      [  122.207615]  [<ffffffff81838795>] stub_execve+0x5/0x5
      [  122.208978]  [<ffffffff818384f2>] ? entry_SYSCALL_64_fastpath+0x16/0x71
      [  122.210615] Code: f8 31 c0 48 63 c2 83 ea 01 48 c7 45 e8 00 00 00 00 48 01 c6 85 d2 48 c7 45 f0 00 00 00 00 48 89 75 e0 89 55 dc 78 0c 48 8d 46 ff <c6> 46 ff 00 48 89 45 e0 48 8d 55 e0 48 8d 4d dc 48 8d 75 e8 e8
      [  122.217320] RIP  [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.218860]  RSP <ffff880076477b90>
      [  122.219919] CR2: ffff880080945fff
      [  122.220936] ---[ end trace 506cdbd85eb6c55e ]---
      Reported-by: 's avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: 's avatarJames Morris <james.l.morris@oracle.com>
      Signed-off-by: 's avatarSasha Levin <alexander.levin@microsoft.com>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d55a55bc
  2. 15 Nov, 2017 1 commit
  3. 21 Nov, 2016 1 commit
  4. 28 Sep, 2016 1 commit
  5. 27 Jul, 2016 1 commit
    • Arnd Bergmann's avatar
      apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling · 7616ac70
      Arnd Bergmann authored
      The newly added Kconfig option could never work and just causes a build error
      when disabled:
      
      security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function)
       bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT;
      
      The problem is that the macro undefined in this case, and we need to use the IS_ENABLED()
      helper to turn it into a boolean constant.
      
      Another minor problem with the original patch is that the option is even offered
      in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option
      in that case.
      Signed-off-by: 's avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 6059f71f ("apparmor: add parameter to control whether policy hashing is used")
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: 's avatarJames Morris <james.l.morris@oracle.com>
      7616ac70
  6. 12 Jul, 2016 24 commits
  7. 08 Jul, 2016 1 commit
    • Vegard Nossum's avatar
      apparmor: fix oops, validate buffer size in apparmor_setprocattr() · 30a46a46
      Vegard Nossum authored
      When proc_pid_attr_write() was changed to use memdup_user apparmor's
      (interface violating) assumption that the setprocattr buffer was always
      a single page was violated.
      
      The size test is not strictly speaking needed as proc_pid_attr_write()
      will reject anything larger, but for the sake of robustness we can keep
      it in.
      
      SMACK and SELinux look safe to me, but somebody else should probably
      have a look just in case.
      
      Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
      modified for the case that apparmor provides null termination.
      
      Fixes: bb646cdbReported-by: 's avatarVegard Nossum <vegard.nossum@oracle.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: John Johansen <john.johansen@canonical.com>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Cc: stable@kernel.org
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      Reviewed-by: 's avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: 's avatarJames Morris <james.l.morris@oracle.com>
      30a46a46
  8. 28 Mar, 2016 10 commits