[Bug 1233895] Re: AppArmor hooks incorrectly build query string for receiving process
Launchpad Bug Tracker
1233895 at bugs.launchpad.net
Tue Oct 8 01:19:01 UTC 2013
This bug was fixed in the package dbus - 1.6.12-0ubuntu8
---------------
dbus (1.6.12-0ubuntu8) saucy; urgency=low

  * debian/patches/aa-kernel-compat-check.patch: Drop this patch. It was a
    temporary compatibility check to paper over incompatibilities between
    dbus-daemon, libapparmor, and the AppArmor kernel code while AppArmor
    D-Bus mediation was in development.
  * debian/patches/aa-mediation.patch: Fix a bug that resulted in all actions
    denied by AppArmor to be audited. Auditing such actions is the default,
    but it should be possible to quiet audit messages by using the "deny"
    AppArmor rule modifier. (LP: #1226356)
  * debian/patches/aa-mediation.patch: Fix a bug in the code that builds
    AppArmor queries for the process that is receiving a message. The
    message's destination was being used, as opposed to the message's source,
    as the peer name in the query string. (LP: #1233895)
  * debian/patches/aa-mediate-eavesdropping.patch: Don't allow applications
    that are confined by AppArmor to eavesdrop. Ideally, this would be
    configurable with AppArmor policy, but the parser does not yet support
    any type of eavesdropping permission. For now, confined applications will
    simply not be allowed to eavesdrop. (LP: #1229280)

 -- Tyler Hicks <tyhicks at canonical.com>  Fri, 04 Oct 2013 09:59:21 -0700

** Changed in: dbus (Ubuntu Saucy)
Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/1233895
Title:
AppArmor hooks incorrectly build query string for receiving process
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
Fix Released
Status in “dbus” package in Ubuntu:
Fix Released
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
Fix Released
Status in “dbus” source package in Saucy:
Fix Released
Bug description:
  While reviewing the AppArmor hooks in dbus-daemon, I noticed that the AppArmor
  query string for the receiving process was being constructed incorrectly in
  dbus 1.6.12-0ubuntu5.

  Here's the query for the sending process. Note that the message destination is
  used for the AppArmor query's peer name (the fourth parameter):

    qsize = build_query (&qstr, scon->context, bustype, destination,
                         tcon->context, path, interface, method);

  Here's the query for the receiving process. Note that the message destination
  is still being used for the AppArmor query's peer name. This is incorrect
  because the peer of the receiving process is the sender.

    qsize = build_query (&qstr, tcon->context, bustype, destination,
                         scon->context, path, interface, method);
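Added example, not code from dbus or from the bug report: a self-contained sketch of the receiving-side query built with the destination as peer name (the reported bug) and with the source as peer name, checked against a toy receive rule. build_query_demo(), recv_query(), rule_allows(), the '|'-separated layout, the "session" bus type and all sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample message; bus names and labels are made up. */
struct msg {
    const char *source, *destination;  /* bus names of sender / receiver */
    const char *scon, *tcon;           /* AppArmor labels of sender / receiver */
    const char *path, *interface, *method;
};
const struct msg sample = { "com.example.Sender", "com.example.Receiver",
    "sender_profile", "receiver_profile",
    "/com/example/Obj", "com.example.Iface", "Ping" };

/* Stand-in for build_query(): argument order follows the calls on the page,
   but the '|'-separated text layout is an assumption, not the real format. */
static int build_query_demo(char *q, size_t n, const char *con,
                            const char *bustype, const char *peer_name,
                            const char *peer_con, const char *path,
                            const char *iface, const char *method)
{
    return snprintf(q, n, "%s|%s|%s|%s|%s|%s|%s", con, bustype, peer_name,
                    peer_con, path, iface, method);
}

/* Query for the receiving process. fixed == 0 reproduces the reported bug
   (peer name = destination); fixed == 1 uses the message's source. */
int recv_query(const struct msg *m, int fixed, char *q, size_t n)
{
    const char *peer_name = fixed ? m->source : m->destination;
    return build_query_demo(q, n, m->tcon, "session", peer_name, m->scon,
                            m->path, m->interface, m->method);
}

/* Toy policy check: would a receive rule naming rule_peer match this query? */
int rule_allows(const struct msg *m, const char *q, const char *rule_peer)
{
    char want[256];
    build_query_demo(want, sizeof want, m->tcon, "session", rule_peer,
                     m->scon, m->path, m->interface, m->method);
    return strcmp(q, want) == 0;
}

int main(void)
{
    char bad[256], good[256];
    recv_query(&sample, 0, bad, sizeof bad);
    recv_query(&sample, 1, good, sizeof good);
    printf("buggy: %s\nfixed: %s\n", bad, good);
    return rule_allows(&sample, good, sample.source) ? 0 : 1;
}
```

With the destination as peer name, a receive rule written against the sender's bus name never matches, while a rule naming the receiver's own bus name does, so the sender's name is not what gets checked.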