ubuntu-appstore-developers team mailing list archive

[Ted Gould <ted@xxxxxxxxxx>]

On Fri, 2013-09-06 at 07:51 -0500, Jamie Strandboge wrote:

> On 09/05/2013 10:10 PM, Ted Gould wrote:
> > Which brings up an interesting attack possibility.  An application with a
> > corrupted application icon that gets loaded directly by Unity.  You wouldn't
> > even need to have the app installed as browsing through the click scope would be
> > enough.  Most icon loaders should be pretty robust by now...
> > 
> 
> Yes, this is something I considered. For now I think we just have to treat that
> as a security vulnerability in Unity/the underlying libraries like we do now.
> Ultimately, I think we should probably handle it like gettext and the
> infographic-- icon loading is handled in a separate process with an apparmor
> profile and ideally seccomp. Do you know otoh what I should file this wishlist
> bug against?



No, it would be a bit unclear.  If nothing else, because hopefully soon
we'd be giving things like JPEGs directly to the GPU to decode.
(though, we've been saying that for years)

Another thought that I had was that perhaps we could just decompress and
recompress the icons server side.  Basically upload, convert to XPM,
then back to PNG.  If an attack can survive in an XPM it deserves to
live :-)

Ted

Attachment: signature.asc
Description: This is a digitally signed message part