[apparmor] [profile] Evince: the lack of "private-files-strict" and lenient, dangerous rules related to the @{HOME} folder.

daniel curtis sidetripping at gmail.com
Wed Nov 29 12:30:27 UTC 2017


Hello

Yesterday, I noticed a strange lack of an abstraction rule in the default
Evince profile (provided with the 16.04 LTS install) and I would like to ask
whether it's just an oversight and one rule should be added:
"abstractions/private-files-strict"? Generally, this profile contains
sub-profiles with these rules:

✗ /usr/bin/evince {
(...)
# This is need for saving files in your home directory without
# an extension. Changing this to '@{HOME}/** r' makes it require
# an extension and more secure (but with 'rw', we still have
# abstractions/private-files-strict in effect).
owner @{HOME}/** rw,
owner /media/**  rw,

✗ /usr/bin/evince-previewer {
(...)
# Lenient, but remember we still have abstractions/private-files-
# strict in effect). Write is needed for 'print to file' from
# the previewer.
@{HOME}/ r,
@{HOME}/** rw,

✗ /usr/bin/evince-thumbnailer {
(...)
# Lenient, but remember we still have abstractions/private-files-
# strict in effect).
@{HOME}/ r,
owner @{HOME}/** rw,
owner /media/**  rw,
}

As we can see, there are comments suggesting that an abstraction rule with
"private-files-strict" is in use, but it's not. (At least in the 16.04 LTS
default profile.) What do you think about this? Should the
"private-files-strict" abstraction rule be added to the Evince profile and all
sub-profiles?

Thanks, best regards.
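As an added example (not part of the original post), a small shell audit that flags profile blocks granting write access under @{HOME} without an include of abstractions/private-files-strict; it ignores comment lines, so a comment merely claiming the abstraction is "in effect" does not count. The sample profile text is constructed from the quoted rules, and the /etc/apparmor.d path and flat (non-nested) block layout are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: audit an AppArmor profile for
# (sub)profiles that write under @{HOME} without including
# abstractions/private-files-strict. Assumes flat profile blocks as in the
# quoted evince excerpt (nested sub-profiles are not tracked).

# audit_profile: read profile text on stdin, print the name of each profile
# block that writes under @{HOME} but never includes private-files-strict.
audit_profile() {
  awk '
    # skip comments, but keep "#include" lines (AppArmor include syntax)
    /^[[:space:]]*#/ && !/^[[:space:]]*#include/ { next }
    # start of a profile block: "/path {" or "profile name {"
    /^[[:space:]]*[^#[:space:]][^{]*[{][[:space:]]*$/ {
      name = ($1 == "profile") ? $2 : $1; writes = 0; strict = 0; next
    }
    /abstractions\/private-files-strict/ { strict = 1 }
    # any @{HOME}/... rule whose permission string contains w
    /@[{]HOME[}]\/.*[[:space:]][a-z]*w[a-z]*,[[:space:]]*$/ { writes = 1 }
    /^[[:space:]]*[}]/ { if (name != "" && writes && !strict) print name; name = "" }
  '
}

# Constructed sample modelled on the rules quoted in the post: the first and
# third blocks lack the include (the first only mentions it in a comment),
# the second actually includes it.
SAMPLE_PROFILE='/usr/bin/evince {
  #include <abstractions/base>
  # (but with rw, we still have abstractions/private-files-strict in effect)
  owner @{HOME}/** rw,
  owner /media/** rw,
}
/usr/bin/evince-previewer {
  #include <abstractions/private-files-strict>
  @{HOME}/ r,
  @{HOME}/** rw,
}
/usr/bin/evince-thumbnailer {
  @{HOME}/ r,
  owner @{HOME}/** rw,
}'

# Run on the sample; on a real system (assumed path) use:
#   audit_profile < /etc/apparmor.d/usr.bin.evince
printf '%s\n' "$SAMPLE_PROFILE" | audit_profile
```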