[apparmor] [Patch] [Bug 731184] Re: apparmor_parser fails to consider its own time stamp when determining if profile cache is stale

[Kees Cook]

On Tue, Mar 08, 2011 at 10:50:58AM -0800, John Johansen wrote:
> +	cmd = fopen(progname, "r");

Unfortunately, this won't work since "progname" may be relative to a
PATH directory.

$ /sbin/apparmor_parser -h | grep Usage
Usage: /sbin/apparmor_parser [options] [profile]

$ apparmor_parser -h | grep Usage
Usage: apparmor_parser [options] [profile]

I would suggest fully canonicalizing either progname or this fopen target
using readlink(/proc/self/exe).

I would learn toward the former, actually, so that invocation method
doesn't change the Usage output, etc.

-Kees

-- 
Kees Cook
Ubuntu Security Team