needless use of "m" flag now that PROT_EXEC bug on i386 was solved

Bug #270663 reported by Kees Cook
2
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Kees Cook
cups (Ubuntu)
Fix Released
Medium
Martin Pitt
mysql-dfsg-5.0 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: apparmor

abstractions:

fonts: /var/cache/fontconfig/** mr,
fonts: @{HOME}/.fonts.cache-2 mr,

samba: /usr/share/samba/*.dat mr,
samba: /var/run/samba/*.tdb mrw,

base: /dev/zero mrw,

Revision history for this message
Kees Cook (kees) wrote :

In cups:

usr.sbin.cupsd: /etc/shadow m,
usr.sbin.cupsd: /etc/passwd m,
usr.sbin.cupsd: /etc/group m,

In mysqld:

usr.sbin.mysqld: /etc/group m,
usr.sbin.mysqld: /etc/passwd m,

These can be dropped now.

Revision history for this message
Chuck Short (zulcss) wrote :

Will do after the alpha is released.

chuck

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.67-0ubuntu6

---------------
mysql-dfsg-5.0 (5.0.67-0ubuntu6) intrepid; urgency=low

  * Clean up mysql apparmor profile. (LP: #270663)

 -- Chuck Short <email address hidden> Thu, 18 Sep 2008 09:37:56 -0400

Changed in mysql-dfsg-5.0:
status: New → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

Fixed in Apparmor for Intrepid.

Changed in apparmor:
assignee: nobody → kees
status: New → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

Attached patch for cups.

Changed in cups:
assignee: nobody → pitti
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Committed to packaging trunk, thanks Kees!

Changed in cups (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.3.9-16

---------------
cups (1.3.9-16) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PResources.cxx: Fixed
    corruption of output when generating mmultiple copies of EOG or GIMP
    output files (LP: #345183).
  * debian/cups.postinst: Silenced non-fatal error messages when
    post-instyall script updates PPDs and there are PPDs not belonging to
    a CUPS queue in /etc/cups/ppd/ (LP: #345866).

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Drop 'm' permission for /etc/passwd and
    friends, which was a workaround for a kernel apparmor bug on i386. This is
    fixed in current kernels. Thanks to Kees Cook for pointing this out!
    (LP: #270663)
  * debian/cups.install: Do not install the unnecessary (and broken) D-BUS
    configuration file any more. All cupsd does is to send signals, which are
    allowed by default. It does not provide any D-BUS service right now. Also
    remove the obsolete file on upgrades in debian/cups.preinst.
    (Closes: #510634, LP: #318742)
  * Add logfiles_adm_readable.dpatch: Make log files readable by group "adm".
    (LP: #345953)
  * debian/changelog: Fix cruft at the end of file.
  * debian/local/apparmor-profile: Explicitly deny access to /dev/tty and
    writing access to /etc/krb5.conf, so that accesses to them do not create
    log spewage. (LP: #348556)

 -- Martin Pitt <email address hidden> Fri, 27 Mar 2009 09:35:56 +0100

Changed in cups (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.