Activity log for bug #1197056

Date Who What changed Old value New value Message
2013-07-02 17:24:38 Jamie Strandboge bug added bug
2013-07-02 17:24:49 Jamie Strandboge bug task added apparmor-easyprof-ubuntu (Ubuntu)
2013-07-02 17:33:55 Jamie Strandboge tags application-confinement
2013-07-02 17:34:16 Jamie Strandboge summary SDK webview applications should not use ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/ for its databases SDK webview applications should not use ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/ for their databases
2013-07-02 17:34:31 Jamie Strandboge description Ubuntu SDK applications that use webkit webviews store webkit cache data in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').
2013-07-09 08:02:42 Juhapekka Piiroinen ubuntu-qtcreator-plugins: assignee Timo Jyrinki (timo-jyrinki)
2013-07-22 18:35:59 Alberto Mardegan bug added subscriber Alberto Mardegan
2013-07-31 10:13:08 Juhapekka Piiroinen affects ubuntu-qtcreator-plugins ubuntu-ui-toolkit
2013-07-31 18:43:51 Jamie Strandboge description Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').
2013-08-01 06:30:24 Timo Jyrinki bug task added qtdeclarative-opensource-src (Ubuntu)
2013-08-15 23:09:22 Jamie Strandboge ubuntu-ui-toolkit: assignee Timo Jyrinki (timo-jyrinki)
2013-08-15 23:09:29 Jamie Strandboge qtdeclarative-opensource-src (Ubuntu): assignee Christian Dywan (kalikiana)
2013-08-23 18:46:35 Jamie Strandboge bug task added cordova-ubuntu
2013-08-23 18:47:00 Jamie Strandboge summary SDK webview applications should not use ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/ for their databases SDK webview applications should not use ~/.local/share/*/.QtWebKit/ for their databases
2013-08-23 18:48:20 Jamie Strandboge description Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules: owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/cookies.db" rwk, owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/LocalStorage/" r,
2013-08-23 18:52:11 Pat McGowan cordova-ubuntu: importance Undecided High
2013-08-23 18:52:11 Pat McGowan cordova-ubuntu: assignee Alexandre Abreu (abreu-alexandre)
2013-08-23 18:53:24 Pat McGowan cordova-ubuntu: assignee Alexandre Abreu (abreu-alexandre) Maxim Ermilov (zaspire)
2013-08-23 19:36:23 Jamie Strandboge description Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules: owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/cookies.db" rwk, owner "@{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit/LocalStorage/" r, Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules:   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/WebpageIcons.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/cookies.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/" r, owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/**" rwk,
2013-09-04 03:27:06 Jamie Strandboge nominated for series Ubuntu Saucy
2013-09-04 03:27:06 Jamie Strandboge bug task added qtdeclarative-opensource-src (Ubuntu Saucy)
2013-09-04 03:27:06 Jamie Strandboge bug task added apparmor-easyprof-ubuntu (Ubuntu Saucy)
2013-09-04 03:27:14 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Saucy): status New Triaged
2013-09-04 11:18:05 Jamie Strandboge qtdeclarative-opensource-src (Ubuntu Saucy): importance Undecided High
2013-09-16 15:18:55 Jamie Strandboge description Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>'). The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules:   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/WebpageIcons.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/cookies.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/" r, owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/**" rwk, Ubuntu SDK applications that use webkit webviews store webkit databases in places like this: ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db This results in AppArmor rules like the following: owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk, owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk, But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically webbrowser-app should be adjusted to use $XDG_DATA_HOME/<app_pkgname> for webapps, where '<app_pkgname>' is the "name" field in the Click manifest (see bug #1197037 for details). The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules:   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/WebpageIcons.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/cookies.db" rwk,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/" r,   owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/**" rwk,
2013-09-16 16:00:58 Pat McGowan bug added subscriber Pat McGowan
2013-09-17 09:20:49 Alan Pope 🍺🐧🐱 🦄 bug added subscriber Alan Pope ㋛
2013-09-17 11:03:28 Cris Dywan branch linked lp:~kalikiana/ubuntu-ui-toolkit/appname
2013-09-23 18:42:36 PS Jenkins bot ubuntu-ui-toolkit: status New Fix Committed
2013-09-25 10:20:49 Launchpad Janitor ubuntu-ui-toolkit (Ubuntu Saucy): status New Fix Released
2013-09-26 18:29:48 Florian Boucault ubuntu-ui-toolkit: status Fix Committed Fix Released
2013-09-26 21:35:55 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Saucy): status Triaged In Progress
2013-09-26 21:35:59 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Saucy): importance Undecided High
2013-09-26 21:36:01 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Saucy): assignee Jamie Strandboge (jdstrand)
2013-09-26 21:36:36 Jamie Strandboge qtdeclarative-opensource-src (Ubuntu Saucy): status New Won't Fix
2013-10-08 00:03:34 Launchpad Janitor branch linked lp:ubuntu/saucy-proposed/apparmor-easyprof-ubuntu
2013-10-08 00:29:47 Launchpad Janitor apparmor-easyprof-ubuntu (Ubuntu Saucy): status In Progress Fix Released
2013-10-11 17:36:44 Jamie Strandboge bug task deleted qtdeclarative-opensource-src (Ubuntu)
2013-10-11 17:37:02 Jamie Strandboge bug task deleted qtdeclarative-opensource-src (Ubuntu Saucy)
2013-10-25 16:01:29 Jamie Strandboge bug task added cordova-ubuntu (Ubuntu)
2013-10-25 16:01:47 Jamie Strandboge nominated for series Ubuntu Trusty
2013-10-25 16:01:47 Jamie Strandboge bug task added ubuntu-ui-toolkit (Ubuntu Trusty)
2013-10-25 16:01:47 Jamie Strandboge bug task added apparmor-easyprof-ubuntu (Ubuntu Trusty)
2013-10-25 16:01:47 Jamie Strandboge bug task added cordova-ubuntu (Ubuntu Trusty)
2013-10-25 20:46:15 Jamie Strandboge cordova-ubuntu (Ubuntu Trusty): importance Undecided High
2013-10-25 20:46:15 Jamie Strandboge cordova-ubuntu (Ubuntu Trusty): status New Confirmed
2013-10-25 20:47:25 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Trusty): status Fix Released Triaged
2013-10-25 21:15:51 Jamie Strandboge summary SDK webview applications should not use ~/.local/share/*/.QtWebKit/ for their databases SDK and cordova webview applications should not use ~/.local/share/*/.QtWebKit/ for their databases
2013-10-25 21:16:07 Jamie Strandboge cordova-ubuntu: status New Confirmed
2014-01-31 15:35:09 Alexandre Abreu bug task added ubuntu-html5-theme
2014-01-31 15:35:37 Alexandre Abreu branch linked lp:~abreu-alexandre/ubuntu-html5-theme/fix-applicationname
2014-01-31 16:23:41 PS Jenkins bot ubuntu-html5-theme: status New Fix Committed
2014-02-01 01:37:19 Launchpad Janitor branch linked lp:ubuntu/trusty-proposed/ubuntu-html5-theme
2014-02-03 18:10:04 Launchpad Janitor ubuntu-html5-theme (Ubuntu Trusty): status New Fix Released
2014-02-03 22:20:24 Jamie Strandboge apparmor-easyprof-ubuntu (Ubuntu Trusty): status Triaged In Progress
2014-02-05 22:44:24 Launchpad Janitor branch linked lp:ubuntu/trusty-proposed/apparmor-easyprof-ubuntu
2014-02-05 23:32:48 Launchpad Janitor apparmor-easyprof-ubuntu (Ubuntu Trusty): status In Progress Fix Released
2014-03-30 23:43:48 Adnane Belmadiaf ubuntu-html5-theme: status Fix Committed Fix Released
2014-04-25 09:08:05 Maxim Ermilov cordova-ubuntu: status Confirmed Fix Released
2014-10-08 16:28:17 Jamie Strandboge cordova-ubuntu (Ubuntu Trusty): status Confirmed Won't Fix
2015-01-13 17:22:37 Jamie Strandboge cordova-ubuntu (Ubuntu): status Confirmed Fix Released