Fix handling of interpreters with parameters

If a script contains a hashbang like #! /usr/bin/perl -w aa-autodep created a profile entry like "/usr/bin/perl -w" ix, which is obviously incorrect. This patch fixes this (by using only the first part of the hashbang line) and also adds some tests for it. References: https://bugs.launchpad.net/apparmor/+bug/1505775 Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1393979
2025-08-30 22:05:27 +00:00 · 2015-10-20 23:18:43 +02:00
parent d5e9a7ec70
commit bdd8884ab4
2 changed files with 4 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -420,7 +420,8 @@ def get_interpreter_and_abstraction(exec_target):
    if not hashbang.startswith('#!'):
        return None, None

-    interpreter = hashbang[2:].strip()
+    # get the interpreter (without parameters)
+    interpreter = hashbang[2:].strip().split()[0]
    interpreter_path = get_full_path(interpreter)
    interpreter = re.sub('^(/usr)?/bin/', '', interpreter_path)

--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -105,7 +105,9 @@ class AaTest_get_interpreter_and_abstraction(AATest):
        ('#!/bin/dash',             ('/bin/dash',           'abstractions/bash')),
        ('#!/bin/sh',               ('/bin/sh',             'abstractions/bash')),
        ('#!  /bin/sh  ',           ('/bin/sh',             'abstractions/bash')),
+        ('#!  /bin/sh  -x ',        ('/bin/sh',             'abstractions/bash')),  # '-x' is not part of the interpreter path
        ('#!/usr/bin/perl',         ('/usr/bin/perl',       'abstractions/perl')),
+        ('#!/usr/bin/perl -w',      ('/usr/bin/perl',       'abstractions/perl')),  # '-w' is not part of the interpreter path
        ('#!/usr/bin/python',       ('/usr/bin/python',     'abstractions/python')),
        ('#!/usr/bin/python2',      ('/usr/bin/python2',    'abstractions/python')),
        ('#!/usr/bin/python2.7',    ('/usr/bin/python2.7',  'abstractions/python')),