[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

This bug was fixed in the package apparmor-easyprof-ubuntu - 16.10.3

---
apparmor-easyprof-ubuntu (16.10.3) yakkety; urgency=medium

  [ Michi Henning ]
  * add ClientConfig to list of allowed methods for applications using the
thumbnailer (LP: #1528058)

 -- Jamie Strandboge   Fri, 26 Aug 2016 10:01:48 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Released
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Pat McGowan]

** Changed in: canonical-devices-system-image
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Released
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

** Branch linked: lp:~oxide-developers/oxide/packaging.xenial

** Branch linked: lp:~oxide-developers/oxide/packaging.trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

** Branch linked: lp:~oxide-developers/oxide/packaging.vivid.overlay

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

** Branch linked: lp:~oxide-developers/oxide/packaging.xenial.overlay

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

** Branch linked: lp:~oxide-developers/oxide/packaging.yakkety

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

** Changed in: oxide/1.17
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Jean-Baptiste Lallement]

** Changed in: canonical-devices-system-image
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  Fix Committed
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Committed
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

** Changed in: oxide/1.17
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  Fix Committed
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

** Changed in: oxide
   Status: In Progress => Fix Released

** Changed in: oxide/1.17
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in Oxide 1.17 series:
  In Progress
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

** Changed in: oxide/1.17
Milestone: 1.17.4 => 1.17.5

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  In Progress
Status in Oxide 1.17 series:
  Confirmed
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Proposed fix for oxide:
https://code.launchpad.net/~osomon/oxide/+git/oxide/+merge/303821.

** Also affects: oxide/1.17
   Importance: Undecided
   Status: New

** Changed in: oxide/1.17
 Assignee: (unassigned) => Olivier Tilloy (osomon)

** Changed in: oxide/1.17
   Importance: Undecided => Medium

** Changed in: oxide/1.17
   Status: New => Confirmed

** Changed in: oxide/1.17
Milestone: None => 1.17.4

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  In Progress
Status in Oxide 1.17 series:
  Confirmed
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

** Changed in: oxide
Milestone: branch-1.17 => branch-1.18

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  In Progress
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

** Changed in: oxide
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  In Progress
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Re-opening for oxide as it turns out APP_PKGNAME is not an environment
variable that is being set anywhere for click apps. According to
https://developer.ubuntu.com/en/phone/platform/guides/app-confinement/,
its value can be inferred like this:

  APP_PKGNAME = APP_ID.split('_')[0]

** Changed in: oxide
   Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Confirmed
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Launchpad Bug Tracker]

** Branch linked: lp:~tyhicks/apparmor-easyprof-ubuntu/lp1260103

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[David Barth]

** Changed in: webapps-sprint
   Status: Triaged => In Progress

** Changed in: webapps-sprint
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in webapps-sprint:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[David Barth]

** Also affects: webapps-sprint
   Importance: Undecided
   Status: New

** Changed in: webapps-sprint
 Assignee: (unassigned) => David Barth (dbarth)

** Changed in: webapps-sprint
Milestone: None => sprint-25

** Changed in: webapps-sprint
   Importance: Undecided => Medium

** Changed in: webapps-sprint
   Status: New => Triaged

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in webapps-sprint:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Pat McGowan]

** Also affects: canonical-devices-system-image
   Importance: Undecided
   Status: New

** Changed in: canonical-devices-system-image
   Importance: Undecided => Medium

** Changed in: canonical-devices-system-image
   Status: New => In Progress

** Changed in: canonical-devices-system-image
Milestone: None => 13

** Changed in: canonical-devices-system-image
 Assignee: (unassigned) => David Barth (dbarth)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Canonical System Image:
  In Progress
Status in Oxide:
  Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

This is now fixed in oxide, the apparmor-easyprof-ubuntu counterpart
needs to be implemented.

** Changed in: oxide
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Against oxide master:
https://code.launchpad.net/~osomon/oxide/+git/oxide/+merge/300869

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Oxide merge request:
https://code.launchpad.net/~osomon/oxide/+git/oxide/+merge/300863

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

This is how the code that overrides the path for shared memory in oxide
would look like. How does that look?

base::FilePath GetSharedMemoryPath() {
  // snap packages
  const char* tmp = getenv("SNAP_NAME");
  if (tmp) {
return base::FilePath(std::string("/dev/shm/snap.") + tmp + ".oxide");
  }

  // click packages
  tmp = getenv("APP_PKGNAME");
  if (tmp) {
return base::FilePath(std::string("/dev/shm/") + tmp + ".oxide");
  }

  // default
  return base::FilePath("/dev/shm");
}

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Thanks Tyler, that sounds good. I’ll start the work on oxide and we can
synchronize next week to adjust the paths.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Tyler Hicks]

Regarding the apparmor-easyprof-ubuntu changes and landing, it'll likely
be Jamie next week or either of us the week after.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

Yes, that’s fine by me. I just wanted to have some sort of agreement
before writing any code. Who can/will do the change to apparmor-
easyprof-ubuntu?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Tyler Hicks]

I think using APP_PKGNAME on the phone makes sense. However, I think
we'd want the the APP_PKGNAME to be the leading string in the filename
so that we can use "/{dev,run}/shm/${APP_PKGNAME}*" instead of
"/{dev,run}/shm/*${APP_PKGNAME}*".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

For current (click) apps on the phone, the APP_PKGNAME variable is used
to parametrize apparmor policies. According to
https://wiki.ubuntu.com/AppStore/Interfaces/ApplicationId, this is the
name of the click package (e.g. "com.ubuntu.foo"). However there are
currently no existing rules to allow /{dev,run}/shm/*${APP_PKGNAME}*, so
apparmor-easyprof-ubuntu would need to be updated to add such a rule.

I’m fine with using PathService, but that will result in a slightly more
intrusive patch to chromium. I think I’d rather rely entirely on
environment variable, rather than adding a command-line option.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

That won't work for child processes, where the environment variable
won't exist. Also, we should have something that works for current apps
on the phone (I assume there's a different environment variable for
that). If you're not using PathService, there would at least need to be
a command line option to make this work.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

And here is what such a patch would look like:

diff --git a/base/files/file_util_posix.cc b/base/files/file_util_posix.cc
index 42de931..f9dec07 100644
--- a/base/files/file_util_posix.cc
+++ b/base/files/file_util_posix.cc
@@ -139,6 +139,10 @@ std::string TempFileName() {
 #if defined(GOOGLE_CHROME_BUILD)
   return std::string(".com.google.Chrome.XX");
 #else
+  const char* tmp = getenv("SNAP_NAME");
+  if (tmp) {
+return std::string("snap.").append(tmp).append(".XX");
+  }
   return std::string(".org.chromium.Chromium.XX");
 #endif
 }


** Changed in: oxide
Milestone: None => branch-1.17

** Changed in: oxide
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

> I would modify base::GetShmemTempDir() to lookup a path via
> base::PathService and then have Oxide override this.

GetShmemTempDir() tries to create a temp file under /dev/shm/, so the problem 
is not the path itself, it’s the name of the temp file under that path.
IIUC what needs to be modified is the TempFileName() function, to return 
something like "snap.${SNAP_NAME}.XX", if SNAP_NAME is defined, and fall 
back to the default value, ".org.chromium.Chromium.XX".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Olivier Tilloy]

For applications packaged as snaps, snappy-debug suggests writing to
"/dev/shm/snap.$SNAP_NAME.*".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

I would modify base::GetShmemTempDir() to lookup a path via
base::PathService and then have Oxide override this. You'll need to add
a new key in base/base_paths_posix.h as well.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Chris Coulson]

** Changed in: oxide
 Assignee: (unassigned) => Olivier Tilloy (osomon)

** Changed in: oxide
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1260103] Re: oxide should use an app-specific path for shared memory files

[Jamie Strandboge]

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide Webview:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This 
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk, 

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp