On Fri, 2013-09-06 at 07:51 -0500, Jamie Strandboge wrote:
> On 09/05/2013 10:10 PM, Ted Gould wrote:
> > Which brings up an interesting attack possibility. An application with a
> > corrupted application icon that gets loaded directly by Unity. You wouldn't
> > even need to have the app installed as browsing through the click scope
> > would be enough. Most icon loaders should be pretty robust by now...
>
> Yes, this is something I considered. For now I think we just have to treat that
> as a security vulnerability in Unity/the underlying libraries like we do now.
> Ultimately, I think we should probably handle it like gettext and the
> infographic-- icon loading is handled in a separate process with an apparmor
> profile and ideally seccomp. Do you know otoh what I should file this wishlist
> bug against?

No, it would be a bit unclear. If nothing else, because hopefully soon we'd be giving things like JPEGs directly to the GPU to decode. (though, we've been saying that for years)

Another thought that I had was that perhaps we could just decompress and recompress the icons server side. Basically upload, convert to XPM, then back to PNG. If an attack can survive in an XPM it deserves to live :-)

Ted
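
The server-side decompress-and-recompress idea from the message above, sketched as an added example that is not code from the thread or from the app store. It uses a raw RGBA pixel buffer as the "dumb" intermediate form instead of XPM, and it assumes icons are 8-bit RGBA, non-interlaced PNGs no larger than a hypothetical `MAX_SIDE`; the function names are illustrative.

```python
import struct, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_SIDE = 512  # assumed store policy limit, not from the thread

def chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def decode_rgba(png):
    """Strictly decode an 8-bit RGBA, non-interlaced PNG to (w, h, pixels)."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, seen = 8, {}
    while pos + 12 <= len(png) and b"IEND" not in seen:
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        data, crc = png[pos + 8:end], png[end:end + 4]
        if len(crc) != 4 or struct.unpack(">I", crc)[0] != zlib.crc32(ctype + data):
            raise ValueError("truncated or corrupt chunk")
        seen[ctype] = seen.get(ctype, b"") + data
        pos = end + 4
    ihdr, idat = seen.get(b"IHDR", b""), seen.get(b"IDAT", b"")  # tEXt, iCCP, eXIf... ignored
    if len(ihdr) != 13:
        raise ValueError("missing or duplicate IHDR")
    w, h, *fmt = struct.unpack(">IIBBBBB", ihdr)
    if fmt != [8, 6, 0, 0, 0] or not (0 < w <= MAX_SIDE and 0 < h <= MAX_SIDE):
        raise ValueError("unsupported format or oversized icon")
    stride, z = w * 4, zlib.decompressobj()
    raw = z.decompress(idat, h * (stride + 1) + 1)  # bounded output: no decompression bomb
    if len(raw) != h * (stride + 1) or not z.eof:
        raise ValueError("pixel data does not match header")
    out, prev = bytearray(), bytearray(stride)
    for y in range(h):
        ft, line = raw[y * (stride + 1)], bytearray(raw[y * (stride + 1) + 1:(y + 1) * (stride + 1)])
        if ft > 4:
            raise ValueError("bad filter type")
        for i in range(stride):  # undo filters None/Sub/Up/Average/Paeth
            a, b, c = (line[i - 4], prev[i], prev[i - 4]) if i >= 4 else (0, prev[i], 0)
            pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
            paeth = a if pa <= pb and pa <= pc else b if pb <= pc else c
            line[i] = (line[i] + (0, a, b, (a + b) // 2, paeth)[ft]) & 0xFF
        out, prev = out + line, line
    return w, h, bytes(out)

def sanitize_icon(png):
    """Rebuild the icon from bare pixels; nothing else from the upload survives."""
    w, h, px = decode_rgba(png)
    rows = b"".join(b"\x00" + px[y * w * 4:(y + 1) * w * 4] for y in range(h))
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 6, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")
```

Any exception from `sanitize_icon` (including `zlib.error` on a malformed deflate stream) should be treated as a rejected upload. The sanitizer itself still parses untrusted bytes, so it belongs in the same kind of confined process discussed in the quoted reply.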
--
Mailing list: https://launchpad.net/~ubuntu-appstore-developers
Post to     : ubuntu-appstore-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
More help   : https://help.launchpad.net/ListHelp