[apparmor] [Bug 1609439] [NEW] Firefox profile has too much access

Vincas Dargis 1609439 at bugs.launchpad.net
Wed Aug 3 14:32:39 UTC 2016 

Public bug reported:

usr.bin.firefox in Kubuntu 16.04.1 profile has some fine grained rules
defined concerning home directory, such as:

  owner @{HOME}/ r,
  ...
  owner @{HOME}/.{firefox,mozilla}/ rw,
  owner @{HOME}/.{firefox,mozilla}/** rw,
  owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
  owner @{HOME}/.{firefox,mozilla}/**/plugins/** mr,
  owner @{HOME}/.{firefox,mozilla}/plugins/** mr,
  owner @{HOME}/Downloads/ r,
  owner @{HOME}/Downloads/* rw,
  owner @{HOME}/Public/ r,
  owner @{HOME}/Public/* r,
  ...

It *looks* strict at first sight, but I still can read some arbitrary files from my home (sub)directory, such as 
/home/vincas/talkless.pqi
/home/vincas/code/something...

It *does* protect .ssh/id_rsa.pub and such, for example, so denies kinda
works from "private-files-strict" include.

I've checked apparor_parser -d -d, I can see some @{HOME}/** rw...
rules, though it looks like it should belong to browser_java,
browser_openjdk subprofiles, but it looks like if they are "leaking"
somehow for main process.

I'm attaching apparmor_parser -d -d and -p outputs.

** Affects: apparmor-profiles
     Importance: Undecided
         Status: New

** Attachment added: "apparmor_parser_-d-d.txt"
   https://bugs.launchpad.net/bugs/1609439/+attachment/4713227/+files/apparmor_parser_-d-d.txt

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1609439

Title:
  Firefox profile has too much access

Status in AppArmor Profiles:
  New

Bug description:
  usr.bin.firefox in Kubuntu 16.04.1 profile has some fine grained rules
  defined concerning home directory, such as:

    owner @{HOME}/ r,
    ...
    owner @{HOME}/.{firefox,mozilla}/ rw,
    owner @{HOME}/.{firefox,mozilla}/** rw,
    owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
    owner @{HOME}/.{firefox,mozilla}/**/plugins/** mr,
    owner @{HOME}/.{firefox,mozilla}/plugins/** mr,
    owner @{HOME}/Downloads/ r,
    owner @{HOME}/Downloads/* rw,
    owner @{HOME}/Public/ r,
    owner @{HOME}/Public/* r,
    ...

  It *looks* strict at first sight, but I still can read some arbitrary files from my home (sub)directory, such as 
  /home/vincas/talkless.pqi
  /home/vincas/code/something...

  It *does* protect .ssh/id_rsa.pub and such, for example, so denies
  kinda works from "private-files-strict" include.

  I've checked apparor_parser -d -d, I can see some @{HOME}/** rw...
  rules, though it looks like it should belong to browser_java,
  browser_openjdk subprofiles, but it looks like if they are "leaking"
  somehow for main process.

  I'm attaching apparmor_parser -d -d and -p outputs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor-profiles/+bug/1609439/+subscriptions

More information about the AppArmor mailing list