From 388215976755904a7ed7e05aa433cc3a3907ab6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Dalleau?= <frederic.dalleau@collabora.co.uk>
Date: Wed, 28 Sep 2016 11:47:44 +0000
Subject: [PATCH] apparmor-ofono: open a root-owned file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ofono runs as root, so having the "malicious" LD_PRELOAD module read /home/user/.bash_history requires it to exercise CAP_DAC_OVERRIDE, leading to an AppArmor denial that doesn't match what we expect. Try to read /etc/shadow instead, and update the expected denials accordingly. With that change, there's no real need for the "malicious" code to use GLib, so use stdio instead.
Apertis: https://phabricator.apertis.org/T1848
Signed-off-by: Frédéric Dalleau <frederic.dalleau@collabora.co.uk>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D4388
---
 apparmor/ofono/ofonod-malicious-override.c | 31 +++++++++++++++++++---
 apparmor/ofono/ofonod.malicious.expected | 2 +-
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/apparmor/ofono/ofonod-malicious-override.c b/apparmor/ofono/ofonod-malicious-override.c
index 383284d8..7088ee1f 100644
--- a/apparmor/ofono/ofonod-malicious-override.c
+++ b/apparmor/ofono/ofonod-malicious-override.c
@@ -1,11 +1,36 @@
-/* vim: set sts=4 sw=4 et :
+/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s:
 *
 * A small library that can be loaded using LD_PRELOAD to do malicious things
 * to test whether apparmor works
 */
-/* Easier for the build system */
-#include "../common/function-malicious-override.c"
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <glib.h>
+
+static void
+do_malicious_stuff (void)
+{
+ const char *filename = "/etc/shadow";
+
+ if (fopen (filename, "r") == NULL)
+ {
+ fprintf (stderr, "Unable to be malicious: %s -- SUCCESS\n",
+ strerror(errno));
+ }
+ else
+ {
+ fprintf (stderr, "Malicious code read contents of '%s' -- FAILURE\n",
+ filename);
+ /* Exit immediately if apparmor doesn't stop us. */
+ exit (EXIT_FAILURE);
+ }
+}
 gboolean
 g_option_context_parse (GOptionContext *context,
diff --git a/apparmor/ofono/ofonod.malicious.expected b/apparmor/ofono/ofonod.malicious.expected
index 63fd7c1f..dc8cd9eb 100644
--- a/apparmor/ofono/ofonod.malicious.expected
+++ b/apparmor/ofono/ofonod.malicious.expected
@@ -3,5 +3,5 @@ profile:/usr/sbin/ofonod
 sdmode:REJECTING
 denied_mask:r
 operation:open
-name:/home/user/.bash_history
+name:/etc/shadow
 request_mask:r
-- 
GitLab
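Review bot: The `fopen (filename, "r") == NULL` branch in `do_malicious_stuff` prints SUCCESS for every failure, so a missing `/etc/shadow` (ENOENT) or any other non-AppArmor error is reported as if the profile had confined the process. An AppArmor rejection of an open surfaces as EACCES, so I would keep the result and test for it: `FILE *fp = fopen (filename, "r");` then `if (fp == NULL && errno == EACCES)`, reporting any other errno as a test error. The audit-log comparison against `ofonod.malicious.expected` presumably still catches a missing denial, but that is outside this hunk. The FAILURE message says the code "read contents" while it only opens the file; "opened" would be accurate. `do_malicious_stuff` is complete in the hunk; `g_option_context_parse`, which follows, continues outside it.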