** Description changed:
Ubuntu SDK applications that use webkit webviews store webkit databases in
places like this:
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db
This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db"
rwk,
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk,
But these rules are too lenient because this could disclose data to a
malicious app and a malicious app could poison the databases. Therefore,
these paths need to be made application specific. Specifically:
- somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be
+ somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be
the reverse domain name with Click packages (see bug #1197037 for
details on '<app id>').
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1197056
Title:
SDK webview applications should not use ~/.local/share/Qt
Project/QtQmlViewer/.QtWebKit/ for their databases
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ui-toolkit/+bug/1197056/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
