[Apparmor-general] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
Crispin Cowan
crispin at novell.com
Wed Jan 31 15:58:53 MST 2007
Christian Boltz wrote:
>> There is another possibility; it would be very low probability, but
>> it could happen: the mod_apparmor shipped in 10.2 had a mistake in
>> the immunix_init() function. We forgot to screen for a magic cookie
>> of all-zeros:
>>
>> https://forgesvn1.novell.com/viewsvn/apparmor/tags/OS_10.2/changehat/mod_apparmor/mod_apparmor.c?view=markup
>> ...
>>
>> However, this magic cookie is seeded once-per-server,
>>
> Does once-per-server mean "per Apache server process" or "per machine"?
>
I think "once per Apache server process" unless there is really weird
threading going on.
>> so the chances of hitting it would be quite low.
>>
> The fact that I have seen the error message on two (of two tested)
> machines suggests that there must be another problem.
> But there's still Murphy ;-)
>
"Quite low" is 1 in 4 billion. Murphy could make me believe you saw it
once, but not twice. You could plausibly see it in a stress test rig
that was exec()'ing thousands of processes per second for days on end.
If you exec() 1000 processes per second, you will see it on average
about every 50 days.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hacking is exploiting the gap between "intent" and "implementation"
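As an added illustration of the two points above (the missing screen for an all-zeros magic cookie in immunix_init(), and the "1 in 4 billion" / "every 50 days at 1000 exec()s per second" estimate), here is a small stand-alone C sketch. It is not mod_apparmor's code and does not come from the original post or the AppArmor project; it assumes the cookie is a uniformly random 32-bit value (that is what a 1-in-4-billion chance implies), and the function names, the scripted candidate sequence and the /dev/urandom source are all hypothetical choices made for the example.

```c
/* Added example: screening a change_hat magic cookie for the all-zeros
 * value, and the expected time until an unscreened per-process cookie
 * comes up zero. Hypothetical code, not mod_apparmor's own. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Take the first non-zero cookie from a sequence of candidates.
 * Returns 0 and stores the cookie on success, -1 if every candidate was
 * zero; the caller must then fail closed rather than use 0 as a cookie.
 * The sequence is a constructed stand-in for successive RNG outputs. */
int pick_magic_token_from(const uint32_t *candidates, size_t n, uint32_t *out)
{
    for (size_t i = 0; i < n; i++) {
        if (candidates[i] != 0) {      /* the screen the 10.2 build lacked */
            *out = candidates[i];
            return 0;
        }
    }
    return -1;
}

/* Draw a cookie from /dev/urandom, retrying while the draw is all zeros.
 * Returns 0 on success, -1 on read failure. (Assumed source, once per process.) */
int pick_magic_token_urandom(uint32_t *out)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    uint32_t tok = 0;
    int rc = -1;
    for (int tries = 0; tries < 8; tries++) {
        if (read(fd, &tok, sizeof tok) != (ssize_t)sizeof tok)
            break;
        if (tok != 0) {                /* reject the all-zeros cookie */
            *out = tok;
            rc = 0;
            break;
        }
    }
    close(fd);
    return rc;
}

/* Expected days until a uniform 32-bit cookie is exactly zero when a new
 * server process (and hence a new cookie) is created execs_per_second
 * times per second: 2^32 draws on average, divided out to days. */
double expected_days_until_zero(double execs_per_second)
{
    return 4294967296.0 / execs_per_second / 86400.0;
}

int main(void)
{
    uint32_t tok = 0;
    if (pick_magic_token_urandom(&tok) == 0)
        printf("cookie: 0x%08x\n", tok);
    printf("at 1000 exec()/s, a zero cookie about every %.1f days\n",
           expected_days_until_zero(1000.0));
    return 0;
}
```

At 1000 exec()s per second the function gives roughly 49.7 days, which is the "about every 50 days" figure in the message; at one Apache process start per day it is on the order of ten million years, which is why two sightings on two machines point to a different cause.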