apparmor profile needs review/improvement
Bug #1330430 reported by
Klaus Bielke
This bug report is a duplicate of:
Bug #1096837: [apparmor] Evince does not save files to external disks unless I rename them with the .pdf extension.
Edit
Remove
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
evince (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Apparmor rules for evince forbid opening a PDF from an external drive mounted under /media/… unless its filename ends in '.pdf'.
Same file will be opened if it is copied to /home/… or renamed to a filename tailing in '.pdf' on the external drive.
See bugs #1096837 and #1327161.
On a GNU/Linux system like Ubuntu these rules are useless because filetype is not determined by an extension. Checking the filename adds no security. It smells like snakeoil to me.
Please review the apparmor profile. On an GNU/Linux system opening a PDF should not denied on filename.
This bug affects Ubuntu versions 14.04 LTS, 12.04 LTS and 10.04 LTS.
Related branches
description: | updated |
information type: | Private Security → Public |
description: | updated |
tags: | added: apparmor |
Changed in evince (Ubuntu): | |
importance: | Undecided → Low |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.