[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
https://developer.ubuntu.com/en/start/platform/guides/online-accounts- developer-guide/ and https://developer.ubuntu.com/en/start/platform/guides/app-confinement/ probably need an update now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in Canonical Click Reviewers tools: Fix Released Status in Ubuntu Developer Portal: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Changed in: developer-ubuntu-com Importance: Undecided = High ** Changed in: developer-ubuntu-com Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in Canonical Click Reviewers tools: Fix Released Status in Ubuntu Developer Portal: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Also affects: developer-ubuntu-com Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in Canonical Click Reviewers tools: Fix Released Status in Ubuntu Developer Portal: New Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Changed in: click-reviewers-tools Status: Confirmed = In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: In Progress Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
These latest issues are now being tracked in bug #1468792. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: In Progress Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Changed in: click-reviewers-tools Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Fix Released Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
* the account plugin is trying to create /home/phablet/.cache/online- accounts-ui/ -- this should be created on the account plugin's behalf Indeed, I'll make sure that this is created before the plugin is executed. This is still not fixed: Jun 24 17:02:55 ubuntu-phablet kernel: [44001.684473] type=1400 audit(1435183375.362:404): apparmor=DENIED operation=mkdir profile=com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0 name=/home/phablet/.cache/QML/Apps/online-accounts-ui/ pid=15145 comm=QQmlThread requested_mask=c denied_mask=c fsuid=32011 ouid=32011 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Also, why is it trying to create /home/phablet/.cache/QML/Apps/online-
accounts-ui/? We agreed it should be using @{HOME}/.cache/online-
accounts-ui/ which is what the apparmor policy allows (ie, QML/Apps is
inserted in the path and this isn't allowed by the profile).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Fix Released
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Also, if I allow this access in the profile, then the next denial is:
Jun 24 17:12:00 ubuntu-phablet kernel: [44546.645041] type=1400
audit(1435183920.324:495): apparmor=DENIED operation=mknod
profile=com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0
name=/home/phablet/.cache/QML/Apps/online-accounts-ui/ea1df0af2467507eb3888f68100da073
pid=17998 comm=QQmlThread requested_mask=c denied_mask=c fsuid=32011
ouid=32011
The rules we agreed we would allow for this is:
owner
/{,var/}run/user/*/online-accounts-ui/ui-*-@{APP_PKGNAME}_@{APP_APPNAME} rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/
rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/**
mrwkl,
This is on:
$ system-image-cli -i
current build number: 169
device name: mako
channel: ubuntu-touch/rc-proposed/ubuntu
last update: 2015-06-21 17:39:00
version version: 169
version ubuntu: 20150621
version device: 20150210
version custom: 20150621
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Fix Released
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Changed in: ubuntu-system-settings-online-accounts Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
This bug was fixed in the package ubuntu-system-settings-online-accounts - 0.6+15.04.20150319-0ubuntu1 --- ubuntu-system-settings-online-accounts (0.6+15.04.20150319-0ubuntu1) vivid; urgency=medium [ Alberto Mardegan ] * Merge from upstream - Add account data as search keywords (LP: #1373279) - Delete accounts when their plugin is removed (LP: #1413542) - More fixes for plugin confinement (LP: #1219644) - Fail initialization if trust session cannot be setup (LP: #1420847) [ CI Train Bot ] * Resync trunk * Resync trunk * Resync trunk * Resync trunk -- CI Train Bot ci-train-...@canonical.com Thu, 19 Mar 2015 10:52:45 + ** Changed in: ubuntu-system-settings-online-accounts (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Confirmed Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Reopening for ubuntu-system-settings-online-accounts, since we have still some work to do. ** Changed in: ubuntu-system-settings-online-accounts Status: Fix Released = Confirmed ** Changed in: ubuntu-system-settings-online-accounts (Ubuntu) Status: Fix Released = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Confirmed Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Confirmed Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
On 02/03/2015 11:28 PM, Jamie Strandboge wrote: I started playing with this and have a few observations: * the account plugin is trying to access /proc/pid/attr/current - should this be explicitly denied to silence the denial? No, I think that this happens because the account plugin code is calling aa_gettaskcon(), but when creating the account the PID should actually be the one from the account plugin itself, since it's the one making the request. I'll modify the plugin not to call aa_gettaskcon() if the PID to check is == getpid(). * the account plugin is trying to create /home/phablet/.cache/online- accounts-ui/ -- this should be created on the account plugin's behalf Indeed, I'll make sure that this is created before the plugin is executed. * this account plugin seems to want the audio policy group. this isn't a problem, it just wasn't mentioned before I saw some weird denials, but it was working anyway. Good that you found what it was :-) About the last denial, Feb 3 21:32:09 ubuntu-phablet kernel: [ 5292.570730] type=1400 audit(1422999129.043:411): apparmor=DENIED operation=mknod profile=com.ubuntu.reminders_evernote-account-plugin_0.5.latest name=/tmp/etilqs_Ka88o35o73fdKe8 pid=9590 comm=BrowserBlocking requested_mask=c denied_mask=c fsuid=32011 ouid=32011 I have no idea what this is; I guess it might be coming from oxide? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Confirmed Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Confirmed Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Regarding the /tmp access-- I'm guessing that TMPDIR is not being set by
the process launching the confined plugin. It can be set to one of the
writable directories in the 1.3.4 policy; I suggest /run/user/$USER
/online-accounts-ui/@{APP_PKGNAME}_@{APP_APPNAME}/ since it is in /run
and will be cleaned on reboot. If you pick this, I'll adjust the policy.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Confirmed
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch linked: lp:~mardy/ubuntu-system-settings-online- accounts/lp1219644-cont -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Confirmed Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Confirmed Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch linked: lp:ubuntu/vivid-proposed/apparmor-easyprof-ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.3.4 --- apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium [ Alberto Mardegan ] * ubuntu/accounts: explictly deny access to the p2p socket. This will now be available only to unconfined apps to support a trusted socket for privileged processes (LP: #1415492) [ Jamie Strandboge ] * add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy (LP: #1219644) * adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin * ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq readonly access -- Jamie Strandboge ja...@ubuntu.com Tue, 03 Feb 2015 16:24:15 -0600 ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Also, something isn't honoring and/or setting TMPDIR, since I'm seeing denials like this: Feb 3 21:32:09 ubuntu-phablet kernel: [ 5292.570730] type=1400 audit(1422999129.043:411): apparmor=DENIED operation=mknod profile=com.ubuntu.reminders_evernote-account-plugin_0.5.latest name=/tmp/etilqs_Ka88o35o73fdKe8 pid=9590 comm=BrowserBlocking requested_mask=c denied_mask=c fsuid=32011 ouid=32011 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
I started playing with this and have a few observations: * the account plugin is trying to access /proc/pid/attr/current - should this be explicitly denied to silence the denial? * the account plugin is trying to create /home/phablet/.cache/online-accounts-ui/ -- this should be created on the account plugin's behalf * this account plugin seems to want the audio policy group. this isn't a problem, it just wasn't mentioned before -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Using this for the evernote-account-plugin.apparmor:
{
template: ubuntu-account-plugin,
policy_groups: [
accounts,
audio,
networking,
webview
],
policy_version: 1.2
}
with apparmor-easyprof-ubuntu 1.3.4 (pending upload), I can successfully create
an account under confinement. The reminders app itself is unable to use the
account (I can start it, but it never leaves the splash screen). There are some
denials:
...
Feb 3 21:37:50 ubuntu-phablet kernel: [ 5634.484968] type=1400
audit(1422999470.948:429): apparmor=DENIED operation=mknod
profile=com.ubuntu.reminders_evernote-account-plugin_0.5.latest
name=/tmp/etilqs_R5PWXVRkWjQcVBC pid=10898 comm=BrowserBlocking
requested_mask=c denied_mask=c fsuid=32011 ouid=32011
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Fix Released
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Jamie, I've been using this: http://mardy.it/archivos/com.ubuntu.reminders_0.5.latest_armhf.click -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
The approach to take is to create an 'ubuntu-account-plugin' template. Mardy, do you have an example click I could use to test exactly what is needed? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Changed in: ubuntu-system-settings-online-accounts Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch unlinked: lp:~online-accounts/ubuntu-system-settings-online- accounts/master -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch linked: lp:ubuntu/vivid-proposed/ubuntu-system-settings- online-accounts -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
This bug was fixed in the package ubuntu-system-settings-online-accounts - 0.6+15.04.20150116-0ubuntu1 --- ubuntu-system-settings-online-accounts (0.6+15.04.20150116-0ubuntu1) vivid; urgency=medium [ Alberto Mardegan ] * New upstream release - Make sure app items are not overlaid on top of each other (LP: #1384314) - Remove snap decision fallback - Make account plugins confinable (LP: #1219644) [ Ubuntu daily release ] * New rebuild forced -- Ubuntu daily release ps-jenk...@lists.canonical.com Fri, 16 Jan 2015 17:18:06 + ** Changed in: ubuntu-system-settings-online-accounts (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch linked: lp:~mardy/ubuntu-system-settings-online-accounts /click-plugins -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Branch linked: lp:~online-accounts/ubuntu-system-settings-online- accounts/master -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
Latest version:
owner
/{,var/}run/user/*/online-accounts-ui/ui-*-@{APP_PKGNAME}_@{APP_APPNAME} rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/
rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/**
mrwkl,
dbus (send)
bus=session
path=/com/google/code/AccountsSSO/Accounts/Manager
interface=com.google.code.AccountsSSO.Accounts.Manager
member=store
peer=(name=com.google.code.AccountsSSO.Accounts.Manager,label=unconfined),
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
New
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
I can create an evernote account with these rules:
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/
rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/**
mrwkl,
dbus (send)
bus=session
path=/com/google/code/AccountsSSO/Accounts/Manager
interface=com.google.code.AccountsSSO.Accounts.Manager
member=store
peer=(name=com.google.code.AccountsSSO.Accounts.Manager,label=unconfined),
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
Status in tools to review click packages:
Confirmed
Status in Online Accounts setup for Ubuntu Touch:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
New
Bug description:
With the current implementation, the QML files for account plugins are
executed by the Online Accounts QML applet which in turn is executed
within the System Settings process, which probably means that
malicious account plugins could control everything that the System
Settings process can (like entering/exiting the flight mode).
Account plugins (or the Online Accounts applet itself) should probably
be run in a separate process, which could then be assigned a stricter
confinement with apparmor.
To manage notifications about this bug go to:
https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Also affects: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided Status: New ** Changed in: ubuntu-system-settings-online-accounts Status: Confirmed = In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
The attached branch is a WIP with the changes on the Online Accounts part. I added the apparmor-easyprof-ubuntu project to the bug because I think we'll need some changes there: - There should be a way to specify an apparmor policy file for an account plugin, in the manifest file. This policy will typically contain the accounts policy, and then often also the networking and webview policies; but I'd rather let the developer explicitly declare all of the needed policies. - The account plugin should have access to a unix socket: /run/user/user-id/online-accounts-ui/ui-random-number This is probably not really necessary with the current WIP code, since we call aa_change_profile() after connecting to that socket; we'll understand this better when we can test the whole thing. - The account plugin should be able to send method calls on this D-Bus service (on the session bus): service=com.google.code.AccountsSSO.Accounts.Manager path=/com/google/code/AccountsSSO/Accounts/Manager interface=com.google.code.AccountsSSO.Accounts.Manager (the service then will itself check the apparmor label of the peer and decide whether to process the request or not) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1219644] Re: Account plugins should be made confinable by apparmor
** Also affects: click-reviewers-tools Importance: Undecided Status: New ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided = Medium ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: New = Confirmed ** Changed in: click-reviewers-tools Status: New = Confirmed ** Changed in: click-reviewers-tools Importance: Undecided = Medium ** Changed in: click-reviewers-tools Assignee: (unassigned) = Jamie Strandboge (jdstrand) ** Tags added: application-confinement -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
