[Bug 447292] Re: AppArmor does not allow access when @{HOME} is not /home
Jamie Strandboge
jamie at ubuntu.com
Mon Nov 2 02:51:56 UTC 2009
For those users hitting this issue, I'd like to stress that the security
benefits of using an AppArmor profile for evince are very high,
especially when considering the problems seen with the PDF and image
libraries. poppler, the PDF library used by evince, has had no fewer
than 19 different security vulnerabilities in the last year, some of
which can lead to arbitrary code execution. The AppArmor profile in
Ubuntu 9.10 turns these vulnerabilities from potential situations where
an attacker can run code on your computer into a simple application
crash (at worst). For the vast majority of Ubuntu users, they will
realize this security benefit without knowing AppArmor is protecting
them.
The release notes for Ubuntu 9.10 discuss having to adjust tunables
manually when you have a different location for your home directory (see
http://www.ubuntu.com/getubuntu/releasenotes/910). This said, the
current situation is suboptimal and it is a very high priority to
improve this in Ubuntu 10.04.
--
AppArmor does not allow access when @{HOME} is not /home
https://bugs.launchpad.net/bugs/447292
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list