** Also affects: canonical-devices-system-image Importance: Undecided Status: New
** Changed in: canonical-devices-system-image Importance: Undecided => Medium ** Changed in: canonical-devices-system-image Status: New => In Progress ** Changed in: canonical-devices-system-image Milestone: None => 13 ** Changed in: canonical-devices-system-image Assignee: (unassigned) => David Barth (dbarth) -- You received this bug notification because you are a member of Ubuntu WebApps bug tracking, which is subscribed to Oxide. https://bugs.launchpad.net/bugs/1260103 Title: oxide should use an app-specific path for shared memory files Status in Canonical System Image: In Progress Status in Oxide: Fix Released Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Bug description: Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This results in an AppArmor rule like the following: owner /run/shm/.org.chromium.Chromium.* rwk, But this rule is too lenient because a malicious app could enumerate these files and attack shared memory of other applications. Therefore, these paths need to be made application specific. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions -- Mailing list: https://launchpad.net/~ubuntu-webapps-bugs Post to : ubuntu-webapps-bugs@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-webapps-bugs More help : https://help.launchpad.net/ListHelp