From patchwork Fri Jul 16 16:14:38 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Georgia Garcia <georgia.garcia@canonical.com>
X-Patchwork-Id: 1506249
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=pvr4m1Md;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4GRGXr1zNtz9sf9;
	Sat, 17 Jul 2021 02:14:51 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1m4QUC-0007rM-C5; Fri, 16 Jul 2021 16:14:48 +0000
Received: from smtp-relay-canonical-0.internal ([10.131.114.83]
 helo=smtp-relay-canonical-0.canonical.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <georgia.garcia@canonical.com>) id 1m4QUA-0007qw-My
 for kernel-team@lists.ubuntu.com; Fri, 16 Jul 2021 16:14:46 +0000
Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com
 [209.85.208.71])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPS id 92891408AB
 for <kernel-team@lists.ubuntu.com>; Fri, 16 Jul 2021 16:14:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1626452086;
 bh=UJ7LDki4tthdY4yzYShdK7oWA5gWTra/CGAwckP6IKo=;
 h=From:To:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=pvr4m1MdJJkC4O53Dcpizo2mFq9pFdUKUjZINcF3yj60ZticV1gJNNHcEGlBEq12O
 4UVccpwjjdIrX9SRo9AYGUUwNWZbbuTtMEt6Zj62emxMzMP/U6DoCSMce2NR59P97c
 Q3QoaJ0UVLen2YUunzVTjOHI+lHsmt8ymApnsJf67c2YeLZXJK7q9Z+Nt0Obt5jvay
 3aEvfQeOJvK1vfMgqmVZXmP5dLg/4h4HWmWfhftLMO3S/466Qwkx1myjEtCZ+Zvby/
 jBm4e6/zvyeYFcdKaH2mBbN4d8ad0RMYcvQOr7mm27u/XxM8SNUpM2UzFuilSCtUF4
 oSIoJWML5d6Rg==
Received: by mail-ed1-f71.google.com with SMTP id
 ee46-20020a056402292eb02903a1187e547cso5064858edb.0
 for <kernel-team@lists.ubuntu.com>; Fri, 16 Jul 2021 09:14:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=UJ7LDki4tthdY4yzYShdK7oWA5gWTra/CGAwckP6IKo=;
 b=mQLXgyiU+vr+VH9gu+fTTVeT8DmSJoFXXDdorSlnTza/c1QDxG7mr3e+GLTxou4vt4
 RG/09Ps9aRgqrKzWikRbzWP6VBl5ucoilktFhr+CQK31luzOLxLqmrjwO+XVzVfU4bWG
 3ueo6tlb8lUGay75Cb7jtppKLx4V4jdrZoGrmhOo2dn0ZXT+tdlILWDzVLGlft4B8pkd
 Opd6dMuqMtLHojSsXLgk6YnJOz8Jz94cXkxtXEOydJgpN7VYMVk1y5lf1Vj6mdBqPIwv
 xeQCe1bXsV+7e54YHK5PKJ/AlFOERW+p4hO6exOLx2918PCvNGyQo7brwcw581X8Hv7z
 VNZA==
X-Gm-Message-State: AOAM532OZSk66Sox9W6z5V7h/Fa+mXYLvKmHoV376pvrUrFj/vI5Pwe7
 7QM2jzbZqgBh62gtrUlU+vlaXV7/4N0X/vqTs8Jy0DcvBz37cpCvMV+0hP/5vS3lGZEPBGSpqxx
 N995EGp9JZ20G6XTX9ETBvDTa3BCLY1yKab8duehhog==
X-Received: by 2002:a05:6402:c6:: with SMTP id
 i6mr15854186edu.330.1626452086112;
 Fri, 16 Jul 2021 09:14:46 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJz1mbUMF8tKimO9MWry+8dgiRV3riOe/CSHGXL352H/NgT7viEeWhQp2DOYnRhM5nYtpQJr2Q==
X-Received: by 2002:a05:6402:c6:: with SMTP id
 i6mr15854172edu.330.1626452085945;
 Fri, 16 Jul 2021 09:14:45 -0700 (PDT)
Received: from localhost ([2001:67c:1562:8007::aac:4557])
 by smtp.gmail.com with ESMTPSA id e6sm3917226edk.63.2021.07.16.09.14.44
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 16 Jul 2021 09:14:45 -0700 (PDT)
From: Georgia Garcia <georgia.garcia@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][PATCH 1/1] apparmor: fix ptrace read check
Date: Fri, 16 Jul 2021 13:14:38 -0300
Message-Id: <20210716161438.894779-2-georgia.garcia@canonical.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210716161438.894779-1-georgia.garcia@canonical.com>
References: <20210716161438.894779-1-georgia.garcia@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: John Johansen <john.johansen@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1890848

The ptrace read check is incorrect resulting in policy that is
broader than it needs to be. Fix the check so that read access
permission can be properly detected when other ptrace flags are
set.

Fixes: b2d09ae449ce ("apparmor: move ptrace checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 338d0be437ef10e247a35aed83dbab182cf406a2)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
---
 security/apparmor/lsm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ecadaf8d7595..32eb76b39e09 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -90,7 +90,8 @@ static int apparmor_ptrace_access_check(struct task_struct *child,
 	tracer = begin_current_label_crit_section();
 	tracee = aa_get_task_label(child);
 	error = aa_may_ptrace(tracer, tracee,
-		  mode == PTRACE_MODE_READ ? AA_PTRACE_READ : AA_PTRACE_TRACE);
+			(mode & PTRACE_MODE_READ) ? AA_PTRACE_READ
+						  : AA_PTRACE_TRACE);
 	aa_put_label(tracee);
 	end_current_label_crit_section(tracer);