touch-packages team mailing list archive

Thread
Date

[Bug 1392380] Re: OA gives out all tokens to any app

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Fri, 14 Nov 2014 13:44:42 -0000
Reply-to: Bug 1392380 <1392380@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to signon in Ubuntu.
https://bugs.launchpad.net/bugs/1392380

Title:
  OA gives out all tokens to any app

Status in “signon” package in Ubuntu:
  Confirmed

Bug description:
  The attached app will steal all your tokens. All it takes is the
  "accounts" permission in the apparmor file.

  Here's the code: https://pastebin.canonical.com/120398/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380/+subscriptions