Just to add some more information in order to have a more clear idea of the seriousness of this bug: accounts which are created when the signon- apparmor-extension is installed will work fine: apps won't be able to abuse them.
This bug only affects the accounts which were created when the extension was not installed: even if the extension gets installed later on, the ACL checks will be bypassed and any app can get access to any account. Fixing this bug will make all accounts (regardless of when they were created) be protected by the ACL once the signon-apparmor-extension is installed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1392380 Title: OA gives out all tokens to any app To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
