[pkg-apparmor] Bug#1038945: linux: kernel null pointer dereference loading an invalid AppArmor profile, regression since 6.1
Simon McVittie
smcv at debian.org
Mon Sep 11 11:21:05 BST 2023
Control: found -1 6.4.13-1
Control: found -1 6.5.1-1~exp1
On Fri, 08 Sep 2023 at 20:58:26 +0200, Diederik de Haas wrote:
> On Friday, 23 June 2023 16:36:37 CEST Simon McVittie wrote:
> > Source: linux
> > Version: 6.3.7-1
>
> Can you test whether the bug is still present in 6.4.13?
> Testing with 6.5.1 from Experimental may be useful too.
The bug is still present in both versions.
This should be straightforward for anyone interested in this bug to
reproduce without my help, you don't need any special packages installed
(the invalid profile was originally from the quake4 package, but the bug
can easily be reproduced without quake4). Steps:
- Have a real or virtual machine with apparmor (I used a qemu VM in
virt-manager, running an image produced by autopkgtest-build-qemu)
- Download
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1038945;filename=bad.txt;msg=5
and copy it onto the test machine
- Run as root: "apparmor_parser -Tr /path/to/bad.txt"
- Expected result: successfully loaded or gracefully rejected (either one
would be OK)
- Actual result: a null pointer dereference similar to my initial report
smcv
More information about the pkg-apparmor-team
mailing list