[Desktop-packages] [Bug 715874] Re: gnome thumbnailers should have an apparmor profile

Tue, 01 May 2012 16:13:26 -0700 

** Changed in: gnome-utils (Ubuntu)
       Status: In Progress => Triaged

** Changed in: totem (Ubuntu)
       Status: In Progress => Triaged

** Changed in: gnome-desktop3 (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => (unassigned)

** Changed in: gnome-utils (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => (unassigned)

** Changed in: totem (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => (unassigned)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-desktop3 in Ubuntu.
https://bugs.launchpad.net/bugs/715874

Title:
  gnome thumbnailers should have an apparmor profile

Status in “gnome-desktop3” package in Ubuntu:
  Triaged
Status in “gnome-utils” package in Ubuntu:
  Triaged
Status in “totem” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: gnome-control-center

  Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
  $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
  true
  $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
  gnome-thumbnail-font %u %o

  If a flaw is discovered in a font library or Gnome and a user
  navigates to a directory that has a malicious font file, gnome-
  thumbnail-font could be used to execute arbitrary code, write out to
  files or leak information. Providing an apparmor profile for gnome-
  thumbnail-font would be a good step towards proactively protecting the
  user from this sort of attack.

  The same can be said for other thumbnailers. Nautilus also uses totem-
  video-thumbnail and evince-thumbnailer (evince-thumbnailer has an
  apparmor profile already). For images, nautilus uses gdk-pixbuf
  routines via gnome-desktop, but these can be altered to use evince-
  thumbnailer by installing schema files for the various image mime-
  types and updating gnome-desktop to not fallback to gdk-pixbuf on
  thumbnail script error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to