ID: 938PHID: PHID-TASK-lmu7zifcy5hgwjxnx753Author: PatrickStatus at Migration Time: resolvedPriority at Migration Time: Normal
@madaidan
Or, maybe we can make an issue on the apparmor gitlab repo about adding specific variables that can be whitelisted when using environment scrubbing if that’s even possible.
The binary the wrapper script executes would have to be whitelisted. We can’t just whitelist the wrapper.
We could probably make a list of programs to use hardened_malloc with and whitelist them but then that would also allow any malicious LD_PRELOAD tricks on those programs.
Or, maybe we can make an issue on the apparmor gitlab repo about adding specific variables that can be whitelisted when using environment scrubbing if that’s even possible.
e.g.
/bin/bash Pix allow_var="LD_PRELOAD=/usr…
2019-11-23 16:51:01 UTC
2019-11-23 16:53:32 UTC