Firefox profile has too much access
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mozilla Firefox | New | Undecided | Unassigned |
Bug Description
The usr.bin.firefox profile in Kubuntu 16.04.1 has some fine-grained rules defined concerning the home directory, such as:
owner @{HOME}/ r,
...
owner @{HOME}
owner @{HOME}
owner @{HOME}
owner @{HOME}
owner @{HOME}
owner @{HOME}/Downloads/ r,
owner @{HOME}/Downloads/* rw,
owner @{HOME}/Public/ r,
owner @{HOME}/Public/* r,
...
It *looks* strict at first sight, but I still can read some arbitrary files from my home (sub)directory, such as
/home/vincas/
/home/vincas/
It *does* protect .ssh/id_rsa.pub and such, for example, so denies kinda works from "private-
I've checked apparmor_parser -d -d, and I can see some @{HOME}/** rw... rules, though it looks like they should belong to the browser_java and browser_openjdk subprofiles, but it looks as if they are "leaking" somehow into the main process.
I'm attaching apparmor_parser -d -d and -p outputs.
affects: apparmor-profiles → firefox
This comes from the inclusion of abstractions/ubuntu-browsers.d/firefox that in turn includes /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files:
# Allow read to all files user has DAC access to and write access to all
# files owned by the user in $HOME.
@{HOME}/ r,
@{HOME}/** r,
owner @{HOME}/** w,
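
The include chain described in the comment above, as an added example that is not part of the bug report or of the AppArmor project: it walks the includes from the main profile and reports which file contributes recursive `@{HOME}/**` rules. The file contents are constructed, trimmed stand-ins for the profile and abstractions, and `rules` and `broad_home_rules` are hypothetical helper names.

```python
import re

# Constructed, trimmed stand-ins for files under /etc/apparmor.d (not the
# real file contents); the include chain is the one the comment describes.
FILES = {
    "usr.bin.firefox": """
owner @{HOME}/ r,
owner @{HOME}/Downloads/ r,
owner @{HOME}/Downloads/* rw,
#include <abstractions/ubuntu-browsers.d/firefox>
""",
    "abstractions/ubuntu-browsers.d/firefox": """
#include <abstractions/ubuntu-browsers.d/user-files>
""",
    "abstractions/ubuntu-browsers.d/user-files": """
@{HOME}/ r,
@{HOME}/** r,
owner @{HOME}/** w,
""",
}

INCLUDE = re.compile(r"^\s*#?include\s+<([^>]+)>")
RULE = re.compile(r"^\s*(owner\s+)?(@\{HOME\}/\S*)\s+([a-zA-Z]+),")

def rules(name, files=FILES, chain=(), seen=None):
    """Yield (include_chain, owner_only, path, perms) for each @{HOME} rule."""
    seen = set() if seen is None else seen
    if name in seen:          # guard against include cycles
        return
    seen.add(name)
    chain = chain + (name,)
    for line in files.get(name, "").splitlines():
        inc = INCLUDE.match(line)
        if inc:               # descend into the included abstraction
            yield from rules(inc.group(1), files, chain, seen)
        elif (m := RULE.match(line)):
            yield chain, m.group(1) is not None, m.group(2), m.group(3)

def broad_home_rules(root, files=FILES):
    """Rules whose glob recurses through the home tree (contains '**')."""
    return [r for r in rules(root, files) if "**" in r[2]]

if __name__ == "__main__":
    for chain, owner_only, path, perms in broad_home_rules("usr.bin.firefox"):
        who = "owner" if owner_only else "any file the user can access"
        print(f"{path} {perms} ({who}) via {' -> '.join(chain)}")
```

The fine-grained `owner @{HOME}/Downloads/*` rules in the main profile do not narrow anything, because AppArmor allow rules are additive and the included `@{HOME}/** r` rule already covers them.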