ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1260103] Re: oxide should use an app-specific path for shared memory files

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1260103@xxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Oct 2016 21:22:24 -0000
Reply-to: Bug 1260103 <1260103@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor-easyprof-ubuntu - 16.10.3

---------------
apparmor-easyprof-ubuntu (16.10.3) yakkety; urgency=medium

  [ Michi Henning ]
  * add ClientConfig to list of allowed methods for applications using the
    thumbnailer (LP: #1528058)

 -- Jamie Strandboge <jamie@xxxxxxxxxx>  Fri, 26 Aug 2016 10:01:48 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Released
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This results in an AppArmor rule like the following:
    owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions