← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated

 

This bug was fixed in the package linux - 4.8.0-45.48

---------------
linux (4.8.0-45.48) yakkety; urgency=low

  * CVE-2017-7184
    - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
    - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Fri, 24 Mar 2017 12:03:39
+0100

** Changed in: linux (Ubuntu Yakkety)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7184

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1638996

Title:
  apparmor's raw_data file in securityfs is sometimes truncated

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  Hi,

  It looks like sometimes apparmor's securityfs output is sometimes
  truncated,

  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al
  total 0
  drwxr-xr-x  3 root root     0 Nov  3 16:45 .
  drwxr-xr-x 13 root root     0 Nov  3 16:44 ..
  -r--r--r--  1 root root     0 Nov  3 16:45 attach
  -r--r--r--  1 root root     0 Nov  3 16:45 mode
  -r--r--r--  1 root root     0 Nov  3 16:45 name
  drwxr-xr-x  3 root root     0 Nov  3 16:45 profiles
  -r--r--r--  1 root root     0 Nov  3 16:45 raw_abi
  -r--r--r--  1 root root 46234 Nov  3 16:45 raw_data
  -r--r--r--  1 root root     0 Nov  3 16:45 raw_hash
  -r--r--r--  1 root root     0 Nov  3 16:45 sha1
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out 
  -rw-r--r-- 1 root root 4009 Nov  3 16:55 /tmp/out

  and

  2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
  2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy
  2016-11-03 10:59:20 @jjohansen  tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file?
  2016-11-03 11:00:03 @jjohansen  something is definitely not right there. hrmmm
  2016-11-03 11:00:26 @jjohansen  the size is set by the input buffer size
  2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
  2016-11-03 11:00:36 tych0 yeah, i assume
  2016-11-03 11:01:15 @jjohansen  my guess is something is messing up in the seq_file walk of the policy
  2016-11-03 11:02:38 @jjohansen  tych0: yep the file is truncated, can you open a bug and I will start looking for it
  2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
  2016-11-03 11:03:35 @jjohansen  tych0: yeah for now, just linux
  2016-11-03 11:03:43 @jjohansen  we can add others if needed later
  2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, becasue sometimes it works and sometimes it doesn't

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1638996/+subscriptions