lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <30faaa83-bdb3-69b8-1fa9-7c1f4f011045@canonical.com>
Date:   Wed, 5 Jul 2023 11:02:26 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Minjie Du <duminjie@...o.com>, Paul Moore <paul@...l-moore.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Nick Terrell <terrelln@...com>,
        "moderated list:APPARMOR SECURITY MODULE" <apparmor@...ts.ubuntu.com>,
        "open list:SECURITY SUBSYSTEM" 
        <linux-security-module@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Cc:     opensource.kernel@...o.com
Subject: Re: [PATCH v1] security: remove duplicate logical judgments in return

On 7/4/23 01:56, Minjie Du wrote:
> Fix: delate duplicate logical judgments:
> aa_unpack_u32(e, &perm->allow, NULL);
> Please check this. Thank you!
> 
> Signed-off-by: Minjie Du <duminjie@...o.com>

NAK, it is a bug but not in a way that we can do this, which will break the unpack. The first entry is reserved, and for the moment should be skipped. Double loading to
&perm->allow, effectively does that but was not what was intended either. There is a patch coming that loads the first entry to a tmp variable and does a check that it is 0.

> ---
>   security/apparmor/policy_unpack.c | 1 -
>   1 file changed, 1 deletion(-)
> 
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 694fb7a09..2069adf0a 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -646,7 +646,6 @@ static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm)
>   		return false;
>   
>   	return	aa_unpack_u32(e, &perm->allow, NULL) &&
> -		aa_unpack_u32(e, &perm->allow, NULL) &&
>   		aa_unpack_u32(e, &perm->deny, NULL) &&
>   		aa_unpack_u32(e, &perm->subtree, NULL) &&
>   		aa_unpack_u32(e, &perm->cond, NULL) &&

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ