Comment 0 for bug 698194

Binary package hint: apparmor

The usr.bin.evince AppArmor profile includes the line "@{HOME}/** rw", which gives read/write access to the user's home directory. Some files are explicitly denied by including the "abstractions/private-files" profile, which blocks write access to files like .profile and .bash_profile. However, it's still possible to write files to ~/.config/autostart/, which means that an attacker exploiting evince could drop a desktop shortcut into that directory which would then be executed the next time the user logs in to the GUI.

I think the best way to fix this would be deny writes to anything in ~/.config in the abstractions/private-files profile.