[apparmor] [patch] Fix handling of interpreters with parameters
Christian Boltz
apparmor at cboltz.de
Sun Oct 18 20:08:54 UTC 2015
Hello,
Am Montag, 19. Oktober 2015 schrieb Kshitij Gupta:
> On Sun, Oct 18, 2015 at 8:50 PM, Christian Boltz wrote:
> > if a script contains a hashbang like
> >
> > #! /usr/bin/perl -w
> >
> > aa-autodep created a profile entry like
> >
> > "/usr/bin/perl -w" ix,
> >
> > which is obviously incorrect.
> >
> > This patch fixes this (by using only the first part of the hashbang
> > line) and also adds some tests for it.
> >
> > References: https://bugs.launchpad.net/apparmor/+bug/1505775
> >
> >
> > [ 95-fix-handling-interpreters-with-parameters.diff ]
> >
> > --- utils/apparmor/aa.py 2015-10-18 16:45:00.661993736 +0200
> > +++ utils/apparmor/aa.py 2015-10-18 17:07:20.459211068 +0200
> > @@ -416,8 +416,9 @@
> >
> > if not hashbang.startswith('#!'):
> > return None, None
> >
> > - interpreter = hashbang[2:].strip()
> > - interpreter_path = get_full_path(interpreter)
> > + # get the interpreter (without parameters)
> > + interpreter = hashbang[2:].strip().split()
>
> I'd like to call it "interpreter_and_flags_and_parameters_stuff" but
> could settle for "interpreter_and_flags".
> Or we can make it:
> interpreter_path = hashbang[2:].strip().split()[0]
Good idea, I'll change that before commiting.
> Or
> interpreter_and_flags = hashbang[2:].strip().split()
> interpreter_path = interpreter_and_flags[0]
I prefer the first option ;-)
Regards,
Christian Boltz
--
There are no bugs expected after Beta3, that's why it is called RC.
[Jan Engelhardt]
More information about the AppArmor
mailing list