Source: pidgin
Version: 2.10.4-1.1
Severity: wishlist
Tags: patch
User: appar...@packages.debian.org
Usertags: new-profile
thanks
Please include AppArmor profile for pidgin.
Since it handles untrusted data, and has been affected by a number of
potential security issues in past years relating to its handling of
those, it seems like an ideal candidate for confining:
https://wiki.debian.org/AppArmor
I have been testing pidgin for a few months, on a Debian sid system,
with the attached AppArmor profile. I have not run into any single
problem with it.
Attached is a patch that adds this AppArmor support to pidgin.
Please consider applying it.
Note that enforcing AppArmor profiles is currently opt-in: applying
the attached does not change anything for users unless they enable
AppArmor system-wide themselves.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
>From 476491e28a1b9757c55cf5b33a08f5c639b238ea Mon Sep 17 00:00:00 2001
From: intrigeri <intrig...@boum.org>
Date: Sun, 8 Apr 2012 10:51:00 +0200
Subject: [PATCH] Install AppArmor profile.
---
debian/apparmor-profile | 93 +++++++++++++++++++++++++++++++++++++++++++++++
debian/control | 4 +-
debian/pidgin.dirs | 1 +
debian/rules | 4 ++
4 files changed, 100 insertions(+), 2 deletions(-)
create mode 100644 debian/apparmor-profile
create mode 100644 debian/pidgin.dirs
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
new file mode 100644
index 0000000..4e7e1f2
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,93 @@
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+/usr/bin/pidgin {
+ #include <abstractions/audio>
+ #include <abstractions/aspell>
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/consoles>
+ #include <abstractions/dbus>
+ #include <abstractions/dbus-session>
+ #include <abstractions/fonts>
+ #include <abstractions/freedesktop.org>
+ #include <abstractions/gnome>
+ #include <abstractions/launchpad-integration>
+ #include <abstractions/nameservice>
+ #include <abstractions/private-files-strict>
+ #include <abstractions/user-download>
+ #include <abstractions/user-tmp>
+ #include <abstractions/ibus>
+ #include <abstractions/X>
+
+ deny capability sys_ptrace,
+
+ deny @{HOME}/.bash* rw,
+ deny @{HOME}/.cshrc rw,
+ deny @{HOME}/.profile rw,
+ deny @{HOME}/.zshrc rw,
+
+ owner @{HOME}/.config/enchant/ rw,
+ owner @{HOME}/.config/enchant/* rwk,
+ owner @{HOME}/.local/share/icons/ r,
+ owner @{HOME}/.local/share/mime/* r,
+ owner @{HOME}/.gnome2/nautilus-sendto/** rw,
+ owner @{HOME}/.gstreamer*/ rw,
+ owner @{HOME}/.gstreamer*/** rw,
+ owner @{HOME}/.pulse/ rw,
+ owner @{HOME}/.pulse/** rw,
+ owner @{HOME}/.pulse-cookie rwk,
+ owner @{HOME}/.purple/ rw,
+ owner @{HOME}/.purple/** rwk,
+
+ /bin/dash rix,
+
+ /{dev,run}/shm/ r,
+ /{dev,run}/shm/* rw,
+
+ /etc/ r,
+ /etc/pulse/client.conf r,
+ /etc/ssl/certs/ r,
+ /etc/ssl/certs/** r,
+ /etc/ssl/certs/ssl-cert-snakeoil.pem r,
+
+ owner /tmp/orbit-*/* w,
+ owner /tmp/pulse-*/* w,
+
+ /usr/bin/gconftool-2 rix,
+ /usr/bin/gnome-default-applications-properties ix,
+ /usr/bin/gnome-network-preferences ix,
+ /usr/bin/gnome-open rmix,
+ /usr/bin/pidgin r,
+ /usr/bin/xdg-open rmix,
+
+ /usr/lib/ r,
+ /usr/lib/frei0r-1/*.so rm,
+ /usr/lib/libvisual-*/**.so rm,
+ /usr/lib/pidgin/*.so rm,
+ /usr/lib/purple*/*.so rm,
+
+ /usr/lib/firefox-*/firefox.sh Px,
+ /usr/lib/iceweasel/iceweasel Px,
+
+ /usr/share/ca-certificates/*/** r,
+ /usr/share/enchant/enchant.ordering r,
+ /usr/share/locale-langpack/** rm,
+ /usr/share/purple/ca-certs/ r,
+ /usr/share/purple/ca-certs/** r,
+ /usr/share/myspell/dicts/ r,
+ /usr/share/myspell/dicts/** r,
+ /usr/share/tcltk/** r,
+
+ /usr/include/python2.7/pyconfig.h r,
+ /usr/share/themes/** r,
+
+ /usr/share/hunspell/ r,
+ /usr/share/hunspell/** r,
+
+ deny @{PROC}/** r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.pidgin>
+}
diff --git a/debian/control b/debian/control
index a8daf5e..203f4ef 100644
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,7 @@ Build-Depends: cdbs (>= 0.4.53), debhelper (>= 7), intltool, gconf2,
xsltproc, doxygen, libfarstream-0.1-dev,
libgstreamer-plugins-base0.10-dev,
network-manager-dev (>= 0.9.0) [linux-any],
- libsqlite3-dev (>= 3.3), libidn11-dev, ca-certificates
+ libsqlite3-dev (>= 3.3), libidn11-dev, ca-certificates, dh-apparmor
Standards-Version: 3.8.3
Vcs-Git: git://git.debian.org/git/collab-maint/pidgin.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/pidgin.git
@@ -41,7 +41,7 @@ Package: pidgin
Architecture: any
Depends: pidgin-data (>= ${source:Upstream-Version}), pidgin-data (<< ${source:Upstream-Version}-z), ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}
Recommends: gstreamer0.10-plugins-base, gstreamer0.10-plugins-good
-Suggests: ${shlibs:Suggests}
+Suggests: ${shlibs:Suggests}, apparmor
Description: graphical multi-protocol instant messaging client for X
Pidgin is a graphical, modular instant messaging client capable of using
multiple networks at once. Currently supported are:
diff --git a/debian/pidgin.dirs b/debian/pidgin.dirs
new file mode 100644
index 0000000..79a7ef3
--- /dev/null
+++ b/debian/pidgin.dirs
@@ -0,0 +1 @@
+etc/apparmor.d
diff --git a/debian/rules b/debian/rules
index 3bf50b2..8366f40 100755
--- a/debian/rules
+++ b/debian/rules
@@ -73,3 +73,7 @@ binary-install/pidgin-dev::
cleanbuilddir/pidgin-dev::
rm -f debian/dh_pidgin.1
+
+binary-install/pidgin::
+ cp debian/apparmor-profile debian/pidgin/etc/apparmor.d/usr.bin.pidgin
+ dh_apparmor --profile-name=usr.bin.pidgin -ppidgin
--
1.7.10
