[apparmor] sanitized_helper is ineffective in confining python programs

John Johansen john.johansen at canonical.com
Wed Sep 14 05:21:37 UTC 2016


On 09/08/2016 06:03 AM, Tomasz Miąsko wrote:
> Hi,
> 
> The strategy employed in abstractions/ubuntu-helpers for environment sanitizing is
> ineffective for python programs. For example, the check prohibiting user-owned
> python imports ("audit deny owner /**/*.py* r") can be avoided as follows:
> 
> Using symbolic link to avoid check for python extension:
> 
> * Save code to execute in a file without .py extension, for example site.code.
> * Create symbolic link from site.py to site.code
> * Execute a python program that transitions to sanitized_helper profile with
>   PYTHONPATH=directory containing site.py
> 
Yes, if your confined environment allows you to set this up, then apparmor, doing
post-symlink mediation, will see it as site.code and the above rule will not
apply.

This is somewhat documented in the limitations
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:

> 
> Using python built-in support for zip imports:
> 
> * Create zip file with code to execute.
> * Execute python program that transitions to sanitized_helper profile with
>   PYTHONPATH=zip file
> 

Hey Tomasz,

sanitized_helper is a hack and a stop-gap solution; that is, it is intended to
limit what can be done, but it is not perfect. The real solution is direct
support for environment vars in apparmor, but we have not been able to land
that yet.
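The thread's point is that AppArmor matches file rules against the path as it is after symlink resolution, so a name-based rule like `audit deny owner /**/*.py* r` never sees `site.py` when that name is a symlink to `site.code`, and never fires at all for a zip archive loaded through zipimport. The following audit script is an added example, not code from the thread or from the AppArmor project: it walks a list of `PYTHONPATH`-style entries and reports the two shapes the thread describes, i.e. a `*.py*` name that resolves to a target outside the glob, and an archive entry. The directory layout it builds (`modules/`, `site.code`, `helper.py`, `bundle.zip`) is constructed only so the check can run offline; nothing in it comes from a real deployment.

```python
"""Added example (not part of the mailing-list thread): audit PYTHONPATH-style
entries for the two cases the thread describes that a path-based AppArmor rule
such as `audit deny owner /**/*.py* r` does not catch, because AppArmor mediates
the resolved path, not the symlink name:

  1. a `*.py*` name that is a symlink to a target without a .py extension
  2. a zip archive (zipimport loads modules from it without opening any *.py file)

The directory layout in build_fixture() is constructed here purely so the check
can be run offline; the file and directory names are made up.
"""
import fnmatch
import os
import tempfile
import zipfile

# The glob from the ubuntu-helpers abstraction rule quoted in the thread.
DENY_GLOB = "*.py*"


def audit_path_entries(entries):
    """Return (path, kind, detail) tuples for entries the deny rule would miss.

    kind is "zipimport" for archive entries and "symlink" for *.py* names whose
    resolved target does not match DENY_GLOB.
    """
    findings = []
    for entry in entries:
        if os.path.isfile(entry) and zipfile.is_zipfile(entry):
            findings.append((entry, "zipimport",
                             "archive: modules are loaded without any *.py file open"))
            continue
        if not os.path.isdir(entry):
            continue
        for name in sorted(os.listdir(entry)):
            path = os.path.join(entry, name)
            if not fnmatch.fnmatch(name, DENY_GLOB) or not os.path.islink(path):
                continue
            # AppArmor matches the resolved path, so compare the target's name.
            target = os.path.realpath(path)
            if not fnmatch.fnmatch(os.path.basename(target), DENY_GLOB):
                findings.append((path, "symlink",
                                 f"resolves to {target}, which does not match {DENY_GLOB}"))
    return findings


def build_fixture(root):
    """Constructed layout mirroring the thread's two cases; returns sys.path-like entries."""
    modules = os.path.join(root, "modules")
    os.makedirs(modules)
    with open(os.path.join(modules, "site.code"), "w") as f:
        f.write("# constructed placeholder module body\n")
    # Relative symlink site.py -> site.code inside the same directory.
    os.symlink("site.code", os.path.join(modules, "site.py"))
    # A genuine .py file: must not be reported.
    with open(os.path.join(modules, "helper.py"), "w") as f:
        f.write("X = 1\n")
    archive = os.path.join(root, "bundle.zip")
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("pkg/__init__.py", "Y = 2\n")
    return [modules, archive]


def run_demo():
    """Build the fixture in a temp dir and return (basename, kind) findings."""
    with tempfile.TemporaryDirectory() as root:
        entries = build_fixture(root)
        findings = audit_path_entries(entries)
        # Basenames only, so the result is stable across temp directories.
        return [(os.path.basename(path), kind) for path, kind, _ in findings]


if __name__ == "__main__":
    for name, kind in run_demo():
        print(f"{name}: {kind}")
```

Running it reports `site.py` (symlink to a non-`.py*` target) and `bundle.zip` (archive) while staying silent on `helper.py`; a real deployment would feed it the entries of the `PYTHONPATH` that the confined process is launched with, which is exactly the variable the thread says the sanitized_helper profile cannot mediate today.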
