And here is what such a patch would look like:

diff --git a/base/files/file_util_posix.cc b/base/files/file_util_posix.cc
index 42de931..f9dec07 100644
--- a/base/files/file_util_posix.cc
+++ b/base/files/file_util_posix.cc
@@ -139,6 +139,10 @@ std::string TempFileName() {
 #if defined(GOOGLE_CHROME_BUILD)
   return std::string(".com.google.Chrome.XXXXXX");
 #else
+  const char* tmp = getenv("SNAP_NAME");
+  if (tmp) {
+    return std::string("snap.").append(tmp).append(".XXXXXX");
+  }
   return std::string(".org.chromium.Chromium.XXXXXX");
 #endif
 }
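
Review bot: In the `#else` branch the `SNAP_NAME` value returned by `getenv` is appended to the template after only a null check, so an empty value gives `snap..XXXXXX` and a value containing `/` changes which directory the file lands in. Suggest rejecting empty names and names containing `/` before the `append`, and falling through to `.org.chromium.Chromium.XXXXXX` in that case. The new prefix also drops the leading dot that both existing templates carry, so a short comment saying whether the non-hidden name is intended (and must match the AppArmor rule) would help. Because the check sits after `#else`, builds with `GOOGLE_CHROME_BUILD` defined keep the shared `.com.google.Chrome.XXXXXX` name; if that is deliberate, say so in the commit message. A more descriptive variable name than `tmp` (for example `snap_name`) would also read better here.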


** Changed in: oxide
    Milestone: None => branch-1.17

** Changed in: oxide
       Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103

Title:
  oxide should use an app-specific path for shared memory files

Status in Oxide:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Confirmed

Bug description:
  Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*.
  This results in an AppArmor rule like the following:
    owner /run/shm/.org.chromium.Chromium.* rwk,

  But this rule is too lenient because a malicious app could enumerate
  these files and attack shared memory of other applications. Therefore,
  these paths need to be made application specific.
