This bug was fixed in the package apparmor-easyprof-ubuntu - 16.10.3
---------------
apparmor-easyprof-ubuntu (16.10.3) yakkety; urgency=medium
[ Michi Henning ]
* add ClientConfig to list of allowed methods for applications using the
thumbnailer (LP: #1528058)
-- Jamie Strandboge <ja...@ubuntu.com> Fri, 26 Aug 2016 10:01:48 -0500
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260103
Title:
oxide should use an app-specific path for shared memory files
Status in Canonical System Image:
Fix Released
Status in Oxide:
Fix Released
Status in Oxide 1.17 series:
Fix Released
Status in webapps-sprint:
Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Bug description:
Oxide creates shared memory files as /run/shm/.org.chromium.Chromium.*. This
results in an AppArmor rule like the following:
owner /run/shm/.org.chromium.Chromium.* rwk,
But this rule is too lenient because a malicious app could enumerate
these files and attack shared memory of other applications. Therefore,
these paths need to be made application specific.
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1260103/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
