ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #04299
[Bug 1260103] Re: oxide should use an app-specific path for shared memory files
Proposed fix for oxide:
https://code.launchpad.net/~osomon/oxide/+git/oxide/+merge/303821.
** Also affects: oxide/1.17
Importance: Undecided
Status: New
** Changed in: oxide/1.17
Assignee: (unassigned) => Olivier Tilloy (osomon)
** Changed in: oxide/1.17
Importance: Undecided => Medium
** Changed in: oxide/1.17
Status: New => Confirmed
** Changed in: oxide/1.17
Milestone: None => 1.17.4
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1260103
Title:
oxide should use an app-specific path for shared memory files
Status in Canonical System Image:
In Progress
Status in Oxide:
In Progress
Status in Oxide 1.17 series:
Confirmed
Status in webapps-sprint:
Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Confirmed
Bug description:
Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk,
But this rule is too lenient because a malicious app could enumerate
these files and attack shared memory of other applications. Therefore,
these paths need to be made application specific.
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions