desktop-packages team mailing list archive
Message #04858
[Bug 698194] Re: apparmor private-files profile should include @{HOME}/.config
** Changed in: apparmor (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Mark Valens (ever2note)
** Changed in: apparmor (Ubuntu)
Assignee: Mark Valens (ever2note) => (unassigned)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
Status in “apparmor” package in Ubuntu: Fix Released
Status in “evince” package in Ubuntu: Fix Released
Status in “apparmor” source package in Lucid: Fix Released
Status in “evince” source package in Lucid: Won't Fix
Status in “apparmor” source package in Maverick: Fix Released
Status in “evince” source package in Maverick: Won't Fix
Status in “apparmor” source package in Natty: Fix Released
Status in “evince” source package in Natty: Fix Released
Bug description:
SRU
1. This update provides additional protection for consumers of the
private-files and private-files-strict abstractions. In Ubuntu, the
evince and firefox profiles use the private-files abstraction. The
firefox profile is disabled by default.
2. This was fixed in 2.6~devel+bzr1617-0ubuntu1 in natty, which is
upstream revision 1618 in apparmor-trunk.
3. debdiffs are attached
4. TEST CASE:
   * open evince with an image or PDF
   * try to save the file (via File/Save a copy) to ~/.config/autostart and/or ~/.kde/Autostart
   Evince should not be able to save the file.
5. The impact on users should be very low as these are abstraction
updates that aren't in widespread use beyond these two Ubuntu
profiles.
Original description:
Binary package hint: apparmor
The usr.bin.evince AppArmor profile includes the line "@{HOME}/** rw",
which gives read/write access to the user's home directory. Some files
are explicitly denied by including the "abstractions/private-files"
profile, which blocks write access to files like .profile and
.bash_profile. However, it's still possible to write files to
~/.config/autostart/, which means that an attacker exploiting evince
could drop a desktop shortcut into that directory which would then be
executed the next time the user logs in to the GUI.
I think the best way to fix this would be to deny writes to anything in
~/.config in the abstractions/private-files profile.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/698194/+subscriptions
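The gap described in the original report and the behaviour the SRU test case expects, shown as an added AppArmor profile fragment. This is illustrative code written for this page, not the shipped usr.bin.evince profile and not the apparmor project's actual private-files abstraction; the profile name /usr/bin/example-viewer and the exact rule wording are assumptions. It relies on one AppArmor property: an explicit deny rule overrides an allow rule for the same path, so the broad @{HOME} grant can stay while the autostart directories become write-protected.

```apparmor
# Added illustrative fragment (assumption: not the real evince profile or
# the project's private-files abstraction).
#include <tunables/global>

# Hypothetical confined viewer standing in for evince.
/usr/bin/example-viewer {
  #include <abstractions/base>

  # Broad home-directory access, as in the usr.bin.evince profile the bug
  # describes. On its own this permits writes under ~/.config/autostart.
  @{HOME}/** rw,

  # Close the hole: refuse write (w) and link (l) access to directories
  # whose contents are executed at the next desktop login. Reads still
  # succeed, and "audit" makes each refusal show up in the kernel log;
  # a plain "deny" rule would block silently.
  audit deny @{HOME}/.config/autostart/** wl,
  audit deny @{HOME}/.kde/Autostart/** wl,
}
```

To check a profile built this way, load it with `apparmor_parser -r <profile file>`, run the confined program, and repeat the SRU test case (save a copy into ~/.config/autostart); the save fails and an `apparmor="DENIED"` line with `requested_mask="w"` for that path appears in the kernel log, while saving elsewhere under the home directory still works.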