[apparmor] owner usage for @{HOME} rules

Seth Arnold seth.arnold at canonical.com
Wed Dec 19 23:44:49 UTC 2012


On Wed, Dec 19, 2012 at 06:30:01PM -0500, Simon Deziel wrote:
> > If we don't add 'owner' to the rules, a virus or worm is more likely to be
> > able to spread outside of one user account to infect other user accounts,
> > either by actively writing to other users' data, or by allowing a program
> > to read another user's infected data. (Think of a corrupt user-installed
> > font, corrupted PDF, etc.)
> 
> Agreed. Also, I can't think of a good scenario where someone would need
> read (or even write) access to another user's fonts or config files.

I could imagine that a font could be "linked" in an office-productivity
suite document, such that a user's installed font is specifically used.
It's a stretch. :)

> I have attached a patch that adds "owner" for config/hidden files so
> comments/improvements are welcome.

Very nice. :)

> === modified file 'profiles/apparmor.d/abstractions/bash'
> --- profiles/apparmor.d/abstractions/bash	2012-08-06 11:56:31 +0000
> +++ profiles/apparmor.d/abstractions/bash	2012-12-19 22:57:02 +0000
> @@ -10,10 +10,10 @@
>  
>    # user-specific bash files
>    @{HOMEDIRS}                      r,
> -  @{HOME}/.bashrc                  r,
> -  @{HOME}/.profile                 r,
> -  @{HOME}/.bash_profile            r,
> -  @{HOME}/.bash_history            rw,
> +  owner @{HOME}/.bashrc            r,
> +  owner @{HOME}/.profile           r,
> +  owner @{HOME}/.bash_profile      r,
> +  owner @{HOME}/.bash_history      rw,
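
Review bot: the `owner` qualifier on the four `@{HOME}` rules at the end of this hunk makes them match only when the process's fsuid owns the file, so a shell running under a different uid with HOME still pointing at the original user's directory loses read access to .bashrc, .profile and .bash_profile and write access to .bash_history. Please add a comment above these rules in the abstraction stating that dependency, and consider splitting this hunk into its own change so that sites relying on such shells can take the rest of the patch without it.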

These are the only ones that look potentially problematic to me -- sudo
may or may not scrub the environment when it executes shells or programs
that may execute shells, and something this tight may prevent proper
initialization or prevent the history feature from working. This might
be desirable at many, or even most, sites, but it does feel like the
change most likely to break something somewhere.

But I do like the rest of the patch.

Thanks
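
Added example, not part of the original message or of the AppArmor project's code: a small audit script that lists `@{HOME}` file rules in a profile or abstraction that still lack the `owner` qualifier discussed in this thread. The function name, the sample rules and the simplified rule grammar (unquoted path followed by permissions, one rule per line) are assumptions made for illustration.

```python
import re

# Constructed sample input (not taken from the patch): a mix of owner-qualified
# and unqualified @{HOME} rules in AppArmor abstraction syntax.
SAMPLE = """\
  # user-specific files
  @{HOMEDIRS}                      r,
  owner @{HOME}/.bashrc            r,
  @{HOME}/.fonts/**                r,
  audit deny @{HOME}/.ssh/**       mrwkl,
  owner @{HOME}/.bash_history      rw,
  @{HOME}/.config/app/*.conf       rw,
"""

# Simplified path rule: optional qualifiers, a path, permissions, trailing comma.
RULE = re.compile(
    r"^\s*(?P<quals>(?:(?:audit|allow|deny|owner)\s+)*)"
    r"(?P<path>[/@]\S*)\s+(?P<perms>[rwaxmlkiIpPuUcC]+)\s*,\s*(?:#.*)?$"
)

def unowned_home_rules(text):
    """Return (lineno, path, perms) for @{HOME} allow rules lacking 'owner'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = RULE.match(line)
        if not m:
            continue  # comments, blank lines, rules outside the simplified grammar
        quals = m.group("quals").split()
        if not m.group("path").startswith("@{HOME}/"):
            continue  # e.g. the @{HOMEDIRS} directory rule
        if "deny" in quals or "owner" in quals:
            continue  # deny rules are meant to be broad; owner rules are scoped
        findings.append((lineno, m.group("path"), m.group("perms")))
    return findings

if __name__ == "__main__":
    for lineno, path, perms in unowned_home_rules(SAMPLE):
        kind = "write" if set(perms) & set("wal") else "read"
        print(f"line {lineno}: {path} {perms} ({kind} not restricted to the file's owner)")
```
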