desktop-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

Public bug reported:

Ux clears potentially harmful environment variables such as LD_PRELOAD
and LD_LIBRARY_PATH (and others). Because it doesn't clear out all
variables that can influence child processes, the confined parent
process may have too much influence over the child. When considering GUI
applications such as those based on gtk, child processes can also be
called with --gtk-module.

Since there are several applications in the ubuntu-specific abstractions
that can be affected in this manner, evince, firefox, the chromium
profile as included in apparmor-profiles and the ubuntu-specific
abstractions themselves should be adjusted to address this issue. Cups
is also affected because of its use of Ux with filters, however it runs
these filters as non-root and the environment under which these filters
is run is more tightly controlled. Cups should be investigated more and
we should consider confining (at least) those filters that we ship in
Ubuntu.

** Affects: apparmor (Ubuntu)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: cups (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: evince (Ubuntu)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: firefox (Ubuntu)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Affects: apparmor (Ubuntu Oneiric)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: cups (Ubuntu Oneiric)
     Importance: Undecided
         Status: Confirmed

** Affects: evince (Ubuntu Oneiric)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: firefox (Ubuntu Oneiric)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Also affects: firefox (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: evince (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cups (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: apparmor (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: cups (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: evince (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: firefox (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Summary changed:

- use of Ux in ubuntu-* abstractions and evince is too lenient
+ use of Ux in ubuntu-* abstractions and profiles is too lenient

** Changed in: apparmor (Ubuntu Oneiric)
    Milestone: None => ubuntu-11.10-beta-2

** Changed in: evince (Ubuntu Oneiric)
    Milestone: None => ubuntu-11.10-beta-2

** Changed in: firefox (Ubuntu Oneiric)
    Milestone: None => ubuntu-11.10-beta-2

** Changed in: firefox (Ubuntu Oneiric)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: evince (Ubuntu Oneiric)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu Oneiric)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu Oneiric)
       Status: New => In Progress

** Changed in: evince (Ubuntu Oneiric)
       Status: New => In Progress

** Changed in: firefox (Ubuntu Oneiric)
       Status: New => Triaged

** Changed in: evince (Ubuntu Oneiric)
       Status: In Progress => Confirmed

** Changed in: evince (Ubuntu Oneiric)
   Importance: Undecided => High

** Changed in: firefox (Ubuntu Oneiric)
   Importance: Undecided => Medium

** Changed in: apparmor (Ubuntu Oneiric)
   Importance: Undecided => Medium

** Changed in: evince (Ubuntu Oneiric)
       Status: Confirmed => In Progress

** Changed in: cups (Ubuntu Oneiric)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/851986

Title:
  use of Ux in ubuntu-* abstractions and profiles is too lenient

Status in “apparmor” package in Ubuntu:
  In Progress
Status in “cups” package in Ubuntu:
  Confirmed
Status in “evince” package in Ubuntu:
  In Progress
Status in “firefox” package in Ubuntu:
  Triaged
Status in “apparmor” source package in Oneiric:
  In Progress
Status in “cups” source package in Oneiric:
  Confirmed
Status in “evince” source package in Oneiric:
  In Progress
Status in “firefox” source package in Oneiric:
  Triaged

Bug description:
  Ux clears potentially harmful environment variables such as LD_PRELOAD
  and LD_LIBRARY_PATH (and others). Because it doesn't clear out all
  variables that can influence child processes, the confined parent
  process may have too much influence over the child. When considering
  GUI applications such as those based on gtk, child processes can also
  be called with --gtk-module.

  Since there are several applications in the ubuntu-specific
  abstractions that can be affected in this manner, evince, firefox, the
  chromium profile as included in apparmor-profiles and the ubuntu-
  specific abstractions themselves should be adjusted to address this
  issue. Cups is also affected because of its use of Ux with filters,
  however it runs these filters as non-root and the environment under
  which these filters is run is more tightly controlled. Cups should be
  investigated more and we should consider confining (at least) those
  filters that we ship in Ubuntu.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/851986/+subscriptions