[apparmor] [Merge] lp:~sdeziel/apparmor-profiles/thunderbird-enigmail-1.9 into lp:apparmor-profiles

Simon Déziel simon.deziel at gmail.com
Mon Apr 18 21:57:24 UTC 2016


On 2016-04-18 04:36 PM, Seth Arnold wrote:
> I'm surprised about the silenced denials -- those seem wide-ranging
> and potentially problematic. I might have even thought that
> thunderbird should have ~/.thunderbird/** rwlk, access.

The web view doesn't make it very easy to spot but those rules apply
only to the _subprofile_ gpg2.

> The static names in /tmp/ are interesting. Those may need more
> research to see if those need a CVE. (It's possible to use static
> names in /tmp safely, but the [0-9]* regex there gives me a bad
> feeling.)

When the base file already exists, a number is appended; that's only how
far I checked this.

-- 
https://code.launchpad.net/~sdeziel/apparmor-profiles/thunderbird-enigmail-1.9/+merge/292191
Your team AppArmor Developers is requested to review the proposed merge of lp:~sdeziel/apparmor-profiles/thunderbird-enigmail-1.9 into lp:apparmor-profiles.


