Public bug reported:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
filetype is not determined by an extension. Checking the filename adds
no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
** Affects: evince (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
filetype ist not determined by an extension. Checking the filename adds
- no security. It smels like snakeoil to me.
+ no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
** Information type changed from Private Security to Public
** Description changed:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
- filetype ist not determined by an extension. Checking the filename adds
+ filetype is not determined by an extension. Checking the filename adds
no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1330430
Title:
apparmor profile needs review/improvement
Status in “evince” package in Ubuntu:
New
Bug description:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
filetype is not determined by an extension. Checking the filename adds
no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a
PDF should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1330430/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
