firefox binary file name making apparmor ineffective
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: firefox-3.0
Hi,
I usually use apparmor on some of my machines to protect against flaws in firefox, but was recently surprised that firefox was not covered by the apparmor profile anymore.
The reason is that the binary is named /usr/lib/
Even if I create a new profile for /usr/lib/
Unfortunately, this has the effect that a security update can turn apparmor protection off and thus make the system less secure.
For an attacker this means that a good time to attack Ubuntu systems through firefox is not - as expected - before a security update happened, but after the security update, because then most firefoxes will be unprotected.
regards
Thank you for using Ubuntu and taking the time to report a bug.
You are quite correct in your assessment, and the flaw is in AppArmor itself. The Ubuntu development release (Karmic) has fixes to make binary filename globbing work, though I think you should be able to get this to work in Ubuntu 9.04 (Jaunty) if you specify the filename like so:
```
/usr/lib/firefox-3.0.*/firefox {
    ...
}
```
In fact, firefox-3.5 (the default in Karmic) now has an opt-in profile that you can use that takes advantage of this. As such, I am going to mark this as 'Fix Released'.