Information
ID: 938
PHID: PHID-TASK-lmu7zifcy5hgwjxnx753
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
@madaidan
The binary the wrapper script executes would have to be whitelisted. We can’t just whitelist the wrapper.
We could probably make a list of programs to use hardened_malloc with and whitelist them but then that would also allow any malicious LD_PRELOAD tricks on those programs.
Or, maybe we can make an issue on the AppArmor GitLab repo about adding specific variables that can be whitelisted when using environment scrubbing, if that’s even possible.
e.g.
/bin/bash Pix allow_var="LD_PRELOAD=/usr…
Comments
madaidan
2019-11-23 16:51:01 UTC
Patrick
2019-11-23 16:53:32 UTC