Public bug reported:
It was discovered that nss will try to load .so files from ~/.pki/nssdb/. E.g.:
open("/home/<username>/.pki/nssdb/libnssckbi.so", O_RDONLY) = -1 ENOENT (No such file or directory)
The private-files abstraction should explicitly deny writes to this directory.
Since nss also stores certificates, etc. in this directory, it should use something
like:
audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
** Affects: apparmor (Ubuntu)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Affects: apparmor (Ubuntu Precise)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Also affects: apparmor (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: apparmor (Ubuntu Precise)
Status: New => In Progress
** Changed in: apparmor (Ubuntu Precise)
Milestone: None => precise-alpha-2
** Changed in: apparmor (Ubuntu Precise)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
https://bugs.launchpad.net/bugs/911847
Title:
private-files should disallow writing to .pki so files
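An added example, not part of the original bug report or of AppArmor: a small translator for the glob syntax used in the proposed deny rule, to check which files under ~/.pki/nssdb/ the rule covers and that the NSS database files stay writable. It assumes @{HOME} expands to /home/*/ and uses constructed sample paths.

```python
import re

# Assumption: @{HOME} expands to /home/*/ as in the stock tunables (/root/ omitted).
RULE_GLOB = "/home/*/.pki/nssdb/*.so{,.[0-9]*}"

def aa_glob_to_regex(glob):
    """Translate the AppArmor glob syntax used by the rule into an anchored regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")             # '**' may cross '/' boundaries
            i += 1
        elif c == "*":
            out.append("[^/]*")          # '*' stays inside one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])  # character class carries over unchanged
            i = end
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")              # alternation inside {...}
        else:
            out.append(re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"

RULE_RE = re.compile(aa_glob_to_regex(RULE_GLOB))

def write_denied(path):
    """True if the deny rule's path glob covers this path."""
    return RULE_RE.match(path) is not None

# Constructed sample paths: shared objects vs. NSS database files.
SAMPLES = ["/home/alice/.pki/nssdb/libnssckbi.so",
           "/home/alice/.pki/nssdb/libnssckbi.so.1",
           "/home/alice/.pki/nssdb/cert9.db",
           "/home/alice/.pki/nssdb/pkcs11.txt"]

if __name__ == "__main__":
    for p in SAMPLES:
        print("DENY " if write_denied(p) else "allow", p)
```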