please support versionless APP_ID caching/precaching
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| trust-store | Fix Released | Undecided | Thomas Voß | |
| trust-store (Ubuntu) | Fix Released | Critical | Thomas Voß | |
Bug Description
The trust-store currently caches the full APP_ID. For most trusted helpers this will likely result in too many prompts (e.g., an app that is frequently updated will require users to answer questions they previously answered). In addition to a less than ideal user experience, it also desensitizes the user wrt the prompting. We should strive to prompt just enough and at the right time.
Per the security team, trust-store should by default use versionless caching, with the option to use the version for those trusted helpers that may need it. As such, if the APP_ID is '<pkgname>
Note: versionless caching does mean that an earlier version of an app might have one set of permissions and then a later version might have expanded permissions which could somehow expose the now cached access to information. Users aren't expected to review app security policy though and as such, prompting on version doesn't actually solve this. Users sensitive to this issue are in a position to revoke trust-store permissions and to apply policy group overrides. If it is determined that versionless caching with expanding future permissions is a real concern, the trust-store can be adjusted to cache the click security policy from /var/lib/
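The effect of the cache key on prompt frequency, as an added example that is not part of the bug report or the trust-store source. It assumes an APP_ID of the form `<pkgname>_<appname>_<version>`; `strip_version`, `CachingAgent`, `prompts_after_updates` and the `com.example.*` ids are hypothetical and constructed for illustration.

```cpp
// Added illustration; every name here is hypothetical, not trust-store's API.
#include <algorithm>
#include <functional>
#include <map>
#include <string>
#include <utility>

// Assumption: APP_ID is "<pkgname>_<appname>_<version>" (three '_' fields).
// Any other shape is returned unchanged, so a malformed id is never merged
// with another app's cached answer.
std::string strip_version(const std::string& app_id) {
    if (std::count(app_id.begin(), app_id.end(), '_') != 2) return app_id;
    return app_id.substr(0, app_id.rfind('_'));
}

enum class Answer { denied, granted };

// Remembers the user's answer per cache key and prompts only on a miss.
class CachingAgent {
public:
    using Prompt = std::function<Answer(const std::string&)>;
    CachingAgent(Prompt prompt, bool versionless)
        : prompt_(std::move(prompt)), versionless_(versionless) {}
    Answer authenticate(const std::string& app_id) {
        const std::string key = versionless_ ? strip_version(app_id) : app_id;
        auto it = cache_.find(key);
        if (it != cache_.end()) return it->second;  // cached: no prompt
        ++prompts_;
        return cache_[key] = prompt_(app_id);
    }
    int prompts() const { return prompts_; }

private:
    Prompt prompt_;
    bool versionless_;
    int prompts_ = 0;
    std::map<std::string, Answer> cache_;
};

// Constructed scenario: one app is updated twice, a second app runs once.
int prompts_after_updates(bool versionless) {
    CachingAgent agent([](const std::string&) { return Answer::granted; }, versionless);
    for (const char* id : {"com.example.cam_cam_1.0", "com.example.cam_cam_1.1",
                           "com.example.cam_cam_1.2", "com.example.map_map_1.0"})
        agent.authenticate(id);
    return agent.prompts();  // 2 when versionless, 4 when keyed on the full id
}

int main() { return prompts_after_updates(true) == 2 ? 0 : 1; }
```

A versionless key carries forward whatever answer was cached, a denial as much as a grant, until the user revokes it.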
Related branches
- PS Jenkins bot: Needs Fixing (continuous-integration)
- Marcus Tomlinson (community): Approve
- Seth Arnold (community): Approve
Diff: 444 lines (+263/-32), 9 files modified
debian/libtrust-store1.symbols (+6/-0)
src/CMakeLists.txt (+4/-0)
src/core/trust/app_id_formatting_trust_agent.cpp (+54/-0)
src/core/trust/app_id_formatting_trust_agent.h (+45/-0)
src/core/trust/daemon.cpp (+4/-3)
tests/CMakeLists.txt (+19/-0)
tests/app_id_formatting_trust_agent_test.cpp (+78/-0)
tests/cached_agent_test.cpp (+3/-29)
tests/the.h (+50/-0)
tags: added: rtm14
Changed in trust-store (Ubuntu):
importance: Undecided → Critical
Changed in trust-store:
assignee: nobody → Thomas Voß (thomas-voss)
Changed in trust-store (Ubuntu):
assignee: nobody → Thomas Voß (thomas-voss)
status: New → In Progress
Changed in trust-store:
status: New → In Progress
Changed in trust-store:
status: In Progress → Fix Released
This bug was fixed in the package trust-store - 1.0.0+14.10.20140826.1-0ubuntu1
---------------
trust-store (1.0.0+14.10.20140826.1-0ubuntu1) utopic; urgency=low
  [ Ubuntu daily release ]
  * debian/libtrust-store1.symbols: auto-update to released version
  [ thomas-voss ]
  * Add an agent implementation that strips off version information, and
    leaves other information intact. (LP: #1356343)
 -- Ubuntu daily release <email address hidden> Tue, 26 Aug 2014 15:11:18 +0000