Unfortunately, evince needs access to the X server. Since apparmor doesn't yet support XACE or equivalent, this means that evince can still launch keylogging and keyspoofing attacks. I think our first priority should be stopping evince from sending keypresses to a terminal in the background (which is on the roadmap for apparmor, I understand). Once we do that we can think about fixing this bug right, e.g. using the LD_PRELOAD trick Plash uses to replace the GTK file open/save dialog box with one that passes the rights to the file the user selects (and only the file the user selects).
--
https://bugs.launchpad.net/bugs/900324
Title: apparmor profile provides too much access
