← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #52692

[Bug 1219644] Re: Account plugins should be made confinable by apparmor

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.3.4

---------------
apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/accounts: explictly deny access to the p2p socket. This will now be
    available only to unconfined apps to support a trusted socket for
    privileged processes (LP: #1415492)

  [ Jamie Strandboge ]
  * add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy
    (LP: #1219644)
  * adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin
  * ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq
    readonly access
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Tue, 03 Feb 2015 16:24:15 -0600

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644

Title:
  Account plugins should be made confinable by apparmor

Status in tools to review click packages:
  Confirmed
Status in Online Accounts setup for Ubuntu Touch:
  Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
  Fix Released

Bug description:
  With the current implementation, the QML files for account plugins are
  executed by the Online Accounts QML applet which in turn is executed
  within the System Settings process, which probably means that
  malicious account plugins could control everything that the System
  Settings process can (like entering/exiting the flight mode).

  Account plugins (or the Online Accounts applet itself) should probably
  be run in a separate process, which could then be assigned a stricter
  confinement with apparmor.

To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
  Thread PreviousDate PreviousThread Next