Public bug reported:
This bug first and also reported on GitHub. I have also noticed another
error that could benefit by a fix to this bug (GitHub: Generic icons
which aren't an application appearing in dock #136). The bug is the
title: Programs started that have rules created for them should be
respected, whether those rules are user or system created. This could
pose a security risk. If mate-dock-applet respected or searched
against/validated its current running apps against the tasklist, it
could narrow down or eliminate errors. To save resources this check
would only have to be performed when the applet adds a new window.
I noticed this bug because I have some programs and scripts that start-
up hidden from certain users (kids/students) to log and prevent user
attempts to backdoor security measures (i.e. you cant type or copy to
the clipboard the word 'proxy' or 'firewall' without the word(s) being
replaced by the name of the user). For me, this applet is useful and I
would like to make it available to other users, but this bug presents a
security risk by not respecting those settings.
I have not elevated this to a security bug on launch pad, because I
believe I have a special use case. However, if this bug could
potentially lead to exposing/misidentify system programs that should
remain hidden and revealing them to the user or granting a user elevated
control when they shouldn't, then it poses an obvious and dangerous
security risk. I welcome any admin to elevate this bug to a security
risk if they believe my 'special use case' simply revealed a glaring
security bug.
** Affects: mate-dock-applet (Ubuntu)
Importance: Undecided
Status: New
** Tags: devilspie mate-dock-applet skip-tasklist wmctrl
** Description changed:
This bug first and also reported on GitHub. I have also noticed another
error that could benefit by a fix to this bug (GitHub: Generic icons
which aren't an application appearing in dock #136). The bug is the
title: Programs started that have rules created for them should be
respected, whether those rules are user or system created. This could
pose a security risk. If mate-dock-applet respected or searched
against/validated its current running apps against the tasklist, it
could narrow down or eliminate errors. To save resources this check
would only have to be performed when the applet adds a new window.
I noticed this bug because I have some programs and scripts that start-
up hidden from certain users (kids/students) to log and prevent user
attempts to backdoor security measures (i.e. you cant type or copy to
the clipboard the word 'proxy' or 'firewall' without the word(s) being
replaced by the name of the user). For me, this applet is useful and I
would like to make it available to other users, but this bug presents a
security risk by not respecting those settings.
I have not elevated this to a security bug on launch pad, because I
believe I have a special use case. However, if this bug could
potentially lead to exposing/misidentify system programs that should
remain hidden and revealing them to the user or granting a user elevated
control when they shouldn't, then it poses an obvious and dangerous
- security risk. I welcome any admin to elevate this bug t a security
+ security risk. I welcome any admin to elevate this bug to a security
risk if they believe my 'special use case' simply revealed a glaring
security bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1768191
Title:
mate-dock-applet Does not respect 'skip-tasklist' from wmctrl or
gdevilspie
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mate-dock-applet/+bug/1768191/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
