← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #107056

[Bug 1393515] Re: browser allows browsing the phone filesystem

  Thread PreviousDate PreviousThread Next 
Currently the webbrowser is not confined (there is another bug for that)
but webapps are (so this bug doesn't affect, say, facebook in the store,
but it does affect webbrowser-app). There is a bug to confine
webbrowser-app and I agree that with that confinement should come
content-hub integration.

This use case Seth pointed out falls under
https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData
and we are still in 'Phase 1': "For Phase 1, users desiring privacy and
elevated security against casual theft should enable a PIN/password,
protect that PIN/password against theft and not lend the phone to people
they do not trust". In other words, the current implementation does not
protect against lending to a bad actor-- there is only so much we can do
without a guest account on the system designed for lending.

But, we haven't done all we can do without a guest account (ie, phase 1)
yet and we shouldn't make it trivial to access potentially sensitive
data. Seth is right to point out that the web browser is different than
a file browser in that it is read access. It is also true that lending a
phone to someone with your open session allows them to open all your
apps as you (eg, adjust your email settings, request a password reset
from facebook, etc). I think the website misses some of these finer
points, but ultimately I agree with John-- we can do more, today, while
looking forward. How about having the (currently unconfined) webbrowser-
app intercept file:// and use content-hub? While I think there are some
UX issues to deal with (I doubt file:// access was considered in the
current implementation and merely a byproduct of the chromium content
api). This would then make it trivial to confine, would work in the
converged world and prevent trivial read access to data today.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1393515

Title:
  browser allows browsing the phone filesystem

Status in webbrowser-app package in Ubuntu:
  Confirmed
Status in webbrowser-app package in Ubuntu RTM:
  Confirmed

Bug description:
  Using a URL like: file:/// gets you to the root of the phone
  filesystem ... i assume this is not actually desired since we even
  block the filemanager app to go higher up then $HOME without requiring
  a password.

  The webbrowser-app should either:
   * behave like the file-manager (see bug #1347010 for details)
   * file:/// should be disabled altogether on the phone
   * webbrowser-app should run confined which would force the use of
     content-hub by limiting file:/// access to those paths allowed by
     policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1393515/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next