apparmor-ofono: open a root-owned file (38821597) · Commits · pkg / apertis-tests

Commit 38821597 authored 8 years ago by Frédéric Dalleau Committed by Simon McVittie 8 years ago

apparmor-ofono: open a root-owned file

ofono runs as root, so having the "malicious" LD_PRELOAD module read
/home/user/.bash_history requires it to exercise CAP_DAC_OVERRIDE,
leading to an AppArmor denial that doesn't match what we expect. Try
to read /etc/shadow instead, and update the expected denials
accordingly.

With that change, there's no real need for the "malicious" code to use
GLib, so use stdio instead.

Apertis: https://phabricator.apertis.org/T1848



Signed-off-by: Frédéric Dalleau <frederic.dalleau@collabora.co.uk>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D4388

parent 70152d17

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 29 additions and 4 deletions

Please register or to comment