Public bug reported:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
filetype is not determined by an extension. Checking the filename adds
no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
** Affects: evince (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
filetype ist not determined by an extension. Checking the filename adds
- no security. It smels like snakeoil to me.
+ no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
** Information type changed from Private Security to Public
** Description changed:
Apparmor rules for evince forbid opening a PDF from an external drive mounted
under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename
tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because
- filetype ist not determined by an extension. Checking the filename adds
+ filetype is not determined by an extension. Checking the filename adds
no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF
should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1330430
Title:
apparmor profile needs review/improvement
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1330430/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
