Bug 995594 - (CVE-2016-1585) VUL-0: CVE-2016-1585: apparmor: mount rules grant excessive permissions
VUL-0: CVE-2016-1585: apparmor: mount rules grant excessive permissions
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Goldwyn Rodrigues
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2016-08-25 14:40 UTC by Marcus Meissner
Modified: 2017-07-13 22:35 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-08-25 14:40:26 UTC

The rule
  mount options=(rw,make-slave) -> **,

ends up allowing
  mount -t proc proc /mnt

which it shouldn't as it should be restricted to commands with a make-slave flag

Comment 1 Marcus Meissner 2016-08-25 14:41:22 UTC
not sure which parser versions even allow that, its probably not in the older ones.
Comment 2 Marcus Meissner 2016-08-25 14:46:14 UTC
seems to have been introduced in 2.8 . that would make sle12 and opensuse affected.
Comment 3 Christian Boltz 2016-08-25 15:51:36 UTC
The kernel code to handle mount rules is currently only in the Ubuntu kernel (not upstream, also not in openSUSE). Therefore I doubt we are affected because apparmor_parser will only honor mount rules if the kernel supports them.

Nevertheless I'M CC'ing John Johansen (one of the upstream developers who focuses on apparmor_parser and the AppArmor kernel code) - John, please correct me if the above is wrong ;-)
Comment 4 Swamp Workflow Management 2016-08-25 22:00:24 UTC
bugbot adjusting priority
Comment 5 Johannes Segitz 2017-07-13 15:21:17 UTC