Despite such protection for ~/.bashrc, ~/.login, ~/.profile, etc., it is
trivially easy to have a malicious program executed in a shell set an
alias during execution that persists for further execution within the
same shell. Further, such restriction only makes it slightly harder for
the malicious program to perform the act, with a line like the
following:
$ vi -c 'r sneaky.sh' -c wq ~/.bashrc
This would insert the contents of sneaky.sh at the top of ~/.bashrc
silently, and not trigger the requested AppArmor protection.
As described, this feature provides the appearance of protection without
real protection, and therefore does not add to the overall safety of the
environment. AppArmor should not protect ~/.bashrc in this manner.
** Changed in: apparmor (Ubuntu)
Status: New => Won't Fix
--
Feature Enhancement: Disable non-text-editors from editing ~/.bashrc
https://bugs.launchpad.net/bugs/153269
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
