group.of.nepali.translators team mailing list archive
Message #12168
[Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated
This bug was fixed in the package linux - 4.8.0-45.48
---------------
linux (4.8.0-45.48) yakkety; urgency=low
  * CVE-2017-7184
    - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
    - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Fri, 24 Mar 2017 12:03:39 +0100
** Changed in: linux (Ubuntu Yakkety)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7184
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1638996
Title:
apparmor's raw_data file in securityfs is sometimes truncated
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Triaged
Status in linux source package in Yakkety:
Fix Released
Bug description:
Hi,
It looks like apparmor's securityfs output is sometimes truncated,
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al
total 0
drwxr-xr-x 3 root root 0 Nov 3 16:45 .
drwxr-xr-x 13 root root 0 Nov 3 16:44 ..
-r--r--r-- 1 root root 0 Nov 3 16:45 attach
-r--r--r-- 1 root root 0 Nov 3 16:45 mode
-r--r--r-- 1 root root 0 Nov 3 16:45 name
drwxr-xr-x 3 root root 0 Nov 3 16:45 profiles
-r--r--r-- 1 root root 0 Nov 3 16:45 raw_abi
-r--r--r-- 1 root root 46234 Nov 3 16:45 raw_data
-r--r--r-- 1 root root 0 Nov 3 16:45 raw_hash
-r--r--r-- 1 root root 0 Nov 3 16:45 sha1
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out
-rw-r--r-- 1 root root 4009 Nov 3 16:55 /tmp/out
and
2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy
2016-11-03 10:59:20 @jjohansen tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file?
2016-11-03 11:00:03 @jjohansen something is definitely not right there. hrmmm
2016-11-03 11:00:26 @jjohansen the size is set by the input buffer size
2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
2016-11-03 11:00:36 tych0 yeah, i assume
2016-11-03 11:01:15 @jjohansen my guess is something is messing up in the seq_file walk of the policy
2016-11-03 11:02:38 @jjohansen tych0: yep the file is truncated, can you open a bug and I will start looking for it
2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
2016-11-03 11:03:35 @jjohansen tych0: yeah for now, just linux
2016-11-03 11:03:43 @jjohansen we can add others if needed later
2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, because sometimes it works and sometimes it doesn't