
desktop-packages team mailing list archive

[Bug 851986] Re: use of Ux in ubuntu-* abstractions and profiles is too lenient and should be improved

 

I have landed a sanitized helper ubuntu abstraction upstream that should
work for python and mmapping user-owned files, which is tested to work
with evince and the new QRT environment filtering tests in
test-apparmor.py. This is a workaround until proper environment
filtering can be implemented in AppArmor, which will not land in time
for 12.04.

Unfortunately, these changes are pretty intrusive and I don't think we
should SRU this into 11.10 or earlier. These users still benefit from
the existing protections.

** Changed in: apparmor (Ubuntu Precise)
   Importance: Medium => High

** Changed in: apparmor (Ubuntu Precise)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986

Title:
  use of Ux in ubuntu-* abstractions and profiles is too lenient and
  should be improved

Status in “apparmor” package in Ubuntu:
  Fix Committed
Status in “cups” package in Ubuntu:
  Triaged
Status in “evince” package in Ubuntu:
  In Progress
Status in “firefox” package in Ubuntu:
  In Progress
Status in “apparmor” source package in Oneiric:
  Won't Fix
Status in “cups” source package in Oneiric:
  Won't Fix
Status in “evince” source package in Oneiric:
  Won't Fix
Status in “firefox” source package in Oneiric:
  Won't Fix
Status in “apparmor” source package in Precise:
  Fix Committed
Status in “cups” source package in Precise:
  Won't Fix
Status in “evince” source package in Precise:
  In Progress
Status in “firefox” source package in Precise:
  In Progress

Bug description:
  Ux clears potentially harmful environment variables such as LD_PRELOAD
  and LD_LIBRARY_PATH (and others). Because it doesn't clear out all
  variables that can influence child processes, the confined parent
  process may have too much influence over the child. When considering
  GUI applications such as those based on gtk, child processes can also
  be called with --gtk-module.

  Since there are several applications in the ubuntu-specific
  abstractions that can be affected in this manner, evince, firefox, the
  chromium profile as included in apparmor-profiles and the
  ubuntu-specific abstractions themselves should be adjusted to address
  this issue. Cups is also affected because of its use of Ux with
  filters; however, it runs these filters as non-root and the
  environment under which these filters are run is more tightly
  controlled. Cups should be investigated more and we should consider
  confining (at least) those filters that we ship in Ubuntu.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/851986/+subscriptions
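
An added example, not part of the original bug mail or of AppArmor's own tooling: a small audit helper that lists the rules in a profile or abstraction that still exec a child unconfined, and whether the mode scrubs the environment (Ux) or not (ux). The function name, the sample profile and its paths are constructed for illustration; it only handles single-line rules.

```python
import re

# Permission tokens that end in an unconfined exec transition, per apparmor.d(5).
# Upper-case forms (Ux, PUx, CUx) scrub the environment; lower-case forms do not.
UNCONFINED = re.compile(r"^[rwaklm]*(ux|Ux|pux|PUx|cux|CUx)$")
QUALIFIERS = {"audit", "owner", "allow"}

def find_unconfined_exec(profile_text):
    """Return (line_no, path, mode, scrubbed) for each rule that execs unconfined."""
    findings = []
    for line_no, raw in enumerate(profile_text.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()  # drops comments and #include lines
        if not rule.endswith(","):
            continue  # profile header, brace, or blank line
        tokens = [t for t in rule[:-1].split() if t not in QUALIFIERS]
        if not tokens or tokens[0] == "deny":
            continue  # deny rules cannot grant a transition
        modes = [m.group(1) for m in map(UNCONFINED.match, tokens) if m]
        paths = [t for t in tokens if t[0] in "/@"]
        if modes and paths:
            mode = modes[0]
            # The letter before the final "x" is "U" when the environment is scrubbed.
            findings.append((line_no, paths[0], mode, mode[-2] == "U"))
    return findings

# Constructed sample, not a shipped Ubuntu profile.
SAMPLE = """\
# constructed sample profile
/usr/bin/example-viewer {
  #include <abstractions/base>
  /usr/bin/example-browser Ux,       # scrubbed, still unconfined
  /usr/bin/example-player rux,       # no scrubbing at all
  /usr/bin/example-editor Cx -> sanitized_helper,
  owner @{HOME}/** rw,
  deny /usr/bin/example-shell x,
  audit /usr/lib/example/filter PUx,
}
"""

if __name__ == "__main__":
    for line_no, path, mode, scrubbed in find_unconfined_exec(SAMPLE):
        note = "environment scrubbed only" if scrubbed else "environment passed through"
        print(f"line {line_no}: {path} [{mode}] unconfined, {note}")
```

Rules reported with the scrubbed flag set are the ones this bug is about: the child runs unconfined and only a fixed set of variables such as LD_PRELOAD and LD_LIBRARY_PATH is removed.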

