Package: cups-daemon
Version: 2.4.18-1
Severity: normal
Tags: security
User: [email protected]
Usertags: modify-profile

Hi,

I've been reviewing the current status of our AppArmor confinement in Debian vs.
D-Bus. I see that usr.sbin.cupsd includes abstractions/dbus, which grants full
system bus access, which probably means arbitrary code execution as root (e.g.
via the systemd D-Bus API), so basically a full sandbox escape.

We can't do anything about it in Trixie, but in Forky we should eventually get
fine-grained D-Bus mediation (I think we already have the kernel support, and
now only need the AppArmor 5.x userspace, which I plan to upload to sid once 5.1
is out). Once we have this we can:

 - include abstractions/dbus-strict instead of abstractions/dbus
 - add fine-grained dbus rules to allow the operations that are actually needed

I believe Ubuntu already has all of the above, so that work can potentially
already be done on Ubuntu.

In the meantime, being aware of this limitation helps us reason about what
security the AppArmor profile buys us, e.g. when triaging vulnerabilities and
assessing their impact.

Cheers!
-- 
intrigeri
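
Added example, not part of the original report and not code from Debian or AppArmor: a small Python check that flags profiles still including abstractions/dbus, or carrying dbus rules with no narrowing conditions, so they can be queued for the dbus-strict migration described above. The sample profiles are constructed, the org.example.* names are hypothetical, and the scan assumes one rule per line.

```python
import re

# "include <abstractions/X>", legacy "#include", optional "if exists"
INCLUDE_RE = re.compile(r"^\s*#?include\s+(?:if\s+exists\s+)?<abstractions/([\w.-]+)>")
# A single-line dbus rule with optional audit/allow/deny qualifiers
DBUS_RULE_RE = re.compile(r"^\s*((?:(?:audit|allow|deny)\s+)*)dbus\b([^#]*?),\s*(?:#.*)?$")
# Conditions that narrow a dbus rule to particular objects or peers
NARROWING = ("path=", "interface=", "member=", "peer=", "name=")

# Constructed sample profiles; the org.example.* names are hypothetical.
BROAD_PROFILE = """\
profile demo /usr/sbin/demo {
  include <abstractions/base>
  include <abstractions/dbus>
  dbus (send) bus=system,
}
"""
STRICT_PROFILE = """\
profile demo /usr/sbin/demo {
  include <abstractions/base>
  include <abstractions/dbus-strict>
  dbus (send) bus=system path=/org/example/Printing interface=org.example.Printing peer=(name=org.example.Printing),
}
"""


def audit_profile(text):
    """Return (line number, kind, line) for each broad D-Bus grant found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        inc = INCLUDE_RE.match(line)
        if inc:
            if inc.group(1) == "dbus":  # the abstraction this report is about
                findings.append((lineno, "broad-abstraction", stripped))
            continue
        if stripped.startswith("#"):
            continue  # ordinary comment
        rule = DBUS_RULE_RE.match(line)
        if rule and "deny" not in rule.group(1).split():
            # Heuristic: a rule with no object or peer condition is broad
            if not any(key in rule.group(2) for key in NARROWING):
                findings.append((lineno, "broad-rule", stripped))
    return findings


if __name__ == "__main__":
    for name, text in (("broad", BROAD_PROFILE), ("strict", STRICT_PROFILE)):
        print(name, audit_profile(text))
```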
