diff options
Diffstat (limited to 'testing/apparmor/0003-libapparmor-do-not-honor-LIBAPPARMOR_DEBUG-when-secu.patch')
-rw-r--r-- | testing/apparmor/0003-libapparmor-do-not-honor-LIBAPPARMOR_DEBUG-when-secu.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/testing/apparmor/0003-libapparmor-do-not-honor-LIBAPPARMOR_DEBUG-when-secu.patch b/testing/apparmor/0003-libapparmor-do-not-honor-LIBAPPARMOR_DEBUG-when-secu.patch new file mode 100644 index 0000000000..71c88b8699 --- /dev/null +++ b/testing/apparmor/0003-libapparmor-do-not-honor-LIBAPPARMOR_DEBUG-when-secu.patch @@ -0,0 +1,53 @@ +From f55d5b3ff0be7c8e903dc367b7747324e9556dd5 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt <ps@pks.im> +Date: Thu, 26 Apr 2018 14:52:17 +0100 +Subject: [PATCH 03/11] libapparmor: do not honor $LIBAPPARMOR_DEBUG when + `secure_getenv` is undefined + +The `secure_getenv` function is a non-POSIX compliant extension of +glibc. In contrast to the POSIX `getenv`, `secure_getenv` will return +`NULL` for all environment variables when the program is run with +escalated privileges due to an SUID or SGID bit. Some strictly +POSIX-compliant libc libraries, most notably musl libc, do not have this +function and do not wish to implement it. Thus, AppArmor cannot be +compiled on such systems. + +In libapparmor, `secure_getenv` is only used to determine whether the +environment variable DEBUG_ENV_VAR has been set to enable debugging. In +case an unprivileged user runs a SUID/SGID executable linked against +libapparmor, we do not want that user to be able to get additional +information via debug output. + +The fix here is to produce an error only in case where debug output is +enabled by defining ENABLE_DEBUG_OUTPUT. Otherwise, we simply define +`secure_getenv` to `NULL` to completely disable the debug output. + +(cherry picked from commit 778176b9d84580f2e5a3be301ef9797b34ed69b9) + +Signed-off-by: Patrick Steinhardt <ps@pks.im> +Acked-by: Steve Beattie <steve@nxnw.org> + +PR: https://gitlab.com/apparmor/apparmor/merge_requests/107 +--- + libraries/libapparmor/src/private.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c +index 218f6628..f5cc2a4c 100644 +--- a/libraries/libapparmor/src/private.c ++++ b/libraries/libapparmor/src/private.c +@@ -38,8 +38,10 @@ + #ifndef HAVE_SECURE_GETENV + #ifdef HAVE___SECURE_GETENV + #define secure_getenv __secure_getenv ++ #elif ENABLE_DEBUG_OUTPUT ++ #error Debug output is not possible without a secure_getenv() implementation. + #else +- #error neither secure_getenv nor __secure_getenv is available ++ #define secure_getenv(env) NULL + #endif + #endif + +-- +2.17.1 + |