touch-packages team mailing list archive

Thread
Date

[Bug 1260103] Re: oxide should use an app-specific path for shared memory files

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Mon, 03 Nov 2014 16:07:28 -0000
Reply-to: Bug 1260103 <1260103@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide Webview:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This results in an AppArmor rule like the following:
    owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions