SDK webview applications should use an app-specific path for shared memory files

Bug #1197060 reported by Jamie Strandboge
This bug affects 2 people
Affects                             Status        Importance  Assigned to    Milestone
apparmor (Ubuntu)                   Won't Fix     Undecided   Unassigned
  Saucy                             Won't Fix     Undecided   Unassigned
  Trusty                            Won't Fix     Undecided   John Johansen
apparmor-easyprof-ubuntu (Ubuntu)   Fix Released  Undecided   Unassigned
  Saucy                             Won't Fix     Undecided   Unassigned
  Trusty                            Won't Fix     Undecided   Unassigned
qtwebkit-opensource-src (Ubuntu)    Won't Fix     High        Cris Dywan
  Saucy                             Won't Fix     High        Cris Dywan
  Trusty                            Won't Fix     Undecided   Unassigned

Bug Description

Ubuntu SDK applications that use webkit webviews create shared memory files as /run/shm/WK2SharedMemory*. This results in an AppArmor rule like the following:
owner /{,run/}shm/WK2SharedMemory.[0-9]* rwk,

But this rule is too lenient because a malicious app could enumerate these files and attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like shm_open("%s-WK2SharedMemory" % <app_pkgname>) instead of shm_open("WK2SharedMemory") where '<app_pkgname>' is the "name" field in the Click manifest (see bug #1197037 for details).

Future work will allow for AppArmor IPC to handle this without modifications to the SDK, but this may be 14.04 so we need a solution for 13.10. I recommend fixing this bug after the other SDK bugs I filed today, then talk to the security team before fixing this bug since it is possible we will have something for 13.10 that doesn't require altering the SDK.
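
The naming scheme suggested in the description, as an added example that is not part of the original report and is not SDK or WebKit code: it builds the app-specific name, creates the segment with shm_open, and uses fnmatch(3) as a stand-in for AppArmor globbing to compare the shared rule with an app-specific one. The helper names, the com.example.* package names and the allowed package-name character set are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: build "/<pkg>-WK2SharedMemory.<id>". pkg is limited to
 * [a-z0-9.+-] (assumed Click name charset) so it cannot inject '/' or glob
 * characters into the shm name or the matching AppArmor rule. 0 on success. */
int build_shm_name(char *out, size_t len, const char *pkg, unsigned id)
{
    if (!pkg || !*pkg ||
        strspn(pkg, "abcdefghijklmnopqrstuvwxyz0123456789.+-") != strlen(pkg))
        return -1;
    int n = snprintf(out, len, "/%s-WK2SharedMemory.%u", pkg, id);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Create the segment. O_EXCL refuses a name that already exists; mode 0600
 * keeps other users out. Returns the fd, or -1 on error. */
int create_app_shm(const char *pkg, unsigned id, off_t size)
{
    char name[256];
    if (build_shm_name(name, sizeof name, pkg, id) != 0)
        return -1;
    int fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd >= 0 && ftruncate(fd, size) != 0) {
        close(fd);
        shm_unlink(name);
        return -1;
    }
    return fd;
}

/* Approximation of an AppArmor path glob with fnmatch(3): FNM_PATHNAME stops
 * '*' from crossing '/'. Returns 1 when the rule's glob covers the path. */
int rule_covers(const char *glob, const char *path)
{
    return fnmatch(glob, path, FNM_PATHNAME) == 0;
}

int main(void)
{
    const char *other = "/run/shm/com.example.other-WK2SharedMemory.7"; /* constructed */
    printf("app-specific rule covers other app: %d\n",
           rule_covers("/run/shm/com.example.notes-WK2SharedMemory.[0-9]*", other));
    return 0;
}
```

On glibc older than 2.34, link with -lrt for shm_open.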

description: updated
description: updated
tags: added: application-confinement
Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → John Johansen (jjohansen)
description: updated
Changed in apparmor (Ubuntu):
milestone: none → later
description: updated
Changed in ubuntu-qtcreator-plugins:
assignee: nobody → Timo Jyrinki (timo-jyrinki)
affects: ubuntu-qtcreator-plugins → ubuntu-ui-toolkit
Changed in ubuntu-ui-toolkit:
assignee: Timo Jyrinki (timo-jyrinki) → nobody
Changed in qtwebkit-opensource-src (Ubuntu):
assignee: nobody → Christian Dywan (kalikiana)
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor (Ubuntu Saucy):
assignee: John Johansen (jjohansen) → nobody
milestone: later → none
status: In Progress → Won't Fix
Changed in qtwebkit-opensource-src (Ubuntu Saucy):
importance: Undecided → High
description: updated
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: nobody → chenwencai (13738772233-a)
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
assignee: nobody → chenwencai (13738772233-a)
Dmitry Shachnev (mitya57) wrote :

Don't assign yourself to the bug unless you are working on the fix.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: chenwencai (13738772233-a) → nobody
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
assignee: chenwencai (13738772233-a) → nobody
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qtwebkit-opensource-src (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

I'm going to mark the qtwebkit-opensource-src task for Trusty as Won't Fix since SDK applications will be expected to use Oxide.

Changed in qtwebkit-opensource-src (Ubuntu Saucy):
status: Confirmed → Won't Fix
Changed in qtwebkit-opensource-src (Ubuntu Trusty):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

We are transitioning to Oxide so fixing webkit is no longer needed.

Changed in apparmor-easyprof-ubuntu (Ubuntu Trusty):
status: Confirmed → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Triaged → Won't Fix
Changed in qtwebkit-opensource-src (Ubuntu):
status: Confirmed → Won't Fix
Changed in apparmor (Ubuntu Trusty):
status: In Progress → Won't Fix
no longer affects: ubuntu-ui-toolkit
Changed in apparmor (Ubuntu):
assignee: John Johansen (jjohansen) → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.28

---------------
apparmor-easyprof-ubuntu (1.2.28) utopic; urgency=medium

  * ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
    on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
    /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
  * ubuntu/microphone:
    - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
      (LP: #1370218)
    - explicitly deny read on /dev/
  * ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
    webapp-container needs corresponding 'bind' call on
    org.freedesktop.Application, which we block elsewhere. webapp-container
    shouldn't be doing this under confinement, but we allow this rule in
    content_exchange, so just allow it to avoid confusion. (LP: #1357371)
 -- Jamie Strandboge <email address hidden> Fri, 26 Sep 2014 15:21:37 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Won't Fix → Fix Released
Changed in apparmor (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
importance: Undecided → Medium
tags: added: aa-feature
Jamie Strandboge (jdstrand) wrote :

The apparmor portion of this bug is being tracked in 1370218

Changed in apparmor (Ubuntu):
status: In Progress → Won't Fix
importance: Medium → Undecided