** Description changed:
+ SRU
+
+ 1. This update provides additional protection for consumers of the
+ private-files and private-files-strict abstractions. In Ubuntu, the
+ evince and firefox profiles use the private-files abstraction. The
+ firefox profile is disabled by default.
+
+ 2. This was fixed in 2.6~devel+bzr1617-0ubuntu1 in natty, which is
+ upstream revision 1618 in apparmor-trunk.
+
+ 3. debdiffs are attached
+
+ 4. TEST CASE:
+ * open evince with an image or PDF
+ try to save the file (via File/Save a copy) to ~/.config/autostart and/or ~/.kde/Autostart
+
+ Evince should not be able to save the file.
+
+ 5. The impact on users should be very low as these are abstraction
+ updates that aren't in widespread use.
+
+
+ Original description:
Binary package hint: apparmor
The usr.bin.evince AppArmor profile includes the line "@{HOME}/** rw",
which gives read/write access to the user's home directory. Some files
are explicitly denied by including the "abstractions/private-files"
profile, which blocks write access to files like .profile and
.bash_profile. However, it's still possible to write files to
~/.config/autostart/, which means that an attacker exploiting evince
could drop a desktop shortcut into that directory which would then be
executed the next time the user logs in to the GUI.
I think the best way to fix this would be deny writes to anything in
~/.config in the abstractions/private-files profile.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
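For readers unfamiliar with how an abstraction can override a broad home-directory grant, here is the weak rule from the evince profile placed beside deny rules of the kind the report asks for. This is an added illustration, not the attached debdiff or the upstream revision; the exact paths and permission letters in the deny block are an assumption about the shape of the fix, not its actual text.

```apparmor
# Weak: the usr.bin.evince profile grants read/write access to the whole
# home directory, so any path not explicitly denied by an included
# abstraction is writable by a compromised evince.
@{HOME}/** rw,

# Hardened (assumed form, not the upstream change): deny rules placed in
# an included abstraction such as abstractions/private-files win over the
# broad allow above, so a confined application cannot drop .desktop files
# into the directories that run on GUI login.
# "{,**}" matches the directory itself as well as everything beneath it;
# "w" blocks writes and "l" blocks hard-linking existing files into them;
# "audit" records every denial in the kernel log so attempts are visible.
audit deny @{HOME}/.config/autostart/{,**} wl,
audit deny @{HOME}/.kde/Autostart/{,**} wl,
```

After reloading the profile, the test case above should fail with a permission error in evince and leave an `apparmor="DENIED"` entry in the kernel log, which is the event a log monitor can alert on.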