HTTPS-Everywhere add-on causes aa-notify bug of deny messages.

Bug #965718 reported by Devin on 2012-03-26
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

I get messages no matter what web page I'm on after exactly every minute that look something like this, from my “/var/log/kern.log” LogFile,

type=AVC msg=audit(1332717987.622:214): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718047.625:215): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718107.625:216): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718167.624:217): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

After every restart of Firefox the proc folder changes in the message logs. These access denied aa-notify messages do not appear when I disable the HTTPS-Everywhere add-on from EFF.org .

Here are my specs,
"
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=11.10
DISTRIB_CODENAME=oneiric
DISTRIB_DESCRIPTION="Ubuntu 11.10"
Linux username 3.0.0-16-generic #29-Ubuntu SMP Tue Feb 14 12:49:42 UTC 2012 i686 athlon i386 GNU/Linux
firefox:
  Installed: 11.0+build1-0ubuntu0.11.10.1
  Candidate: 11.0+build1-0ubuntu0.11.10.1
  Version table:
 *** 11.0+build1-0ubuntu0.11.10.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu/ oneiric-security/main i386 Packages
        100 /var/lib/dpkg/status
     7.0.1+build1+nobinonly-0ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main i386 Packages
"

Thank you.

Devin (8basepairs) on 2012-03-26
description: updated
tags: added: apparmor
description: updated
Devin (8basepairs) on 2012-03-26
tags: added: aa-notify adobe firefox flash play proc video videos
Devin (8basepairs) wrote :

I found out that the proc part of the bug only happens when I have HTTPS-Everywhere add-on enabled. It appears these are two discrete bugs. Rather, one bug (/proc folder access denied to HTTPS-Everywhere) and one wishlist ("/dev/zero m," line addition to the firefox profile for apparmor to restore flash video functionality while running the apparmor sandbox). Could the wishlist aspect be included in the default apparmor firefox profiles in the future? Is the proc bug a bug with apparmor or an intrusion by HTTPS-Everywhere? If it is a security risk, is it an attack from a Mitm alteration to the EFF.org website to make me download a tampered copy? If it is not a security risk, is it still a bug with apparmor or HTTPS-Everywhere and does apparmor need to provide access in order for the add-on to function normally?

Devin (8basepairs) on 2012-03-26
description: updated
summary: - Denied to "/dev/zero/ m," and "/dev/nvidiactl rw,"
+ HTTPS-Everywhere add-on causes aa-notify bug of deny messages.
Devin (8basepairs) wrote :

Comment #1's references to "/dev/zero m," is only understandable before I updated my question to not include it after I realized (as seen in Comment #1) that it was a separate issue. I have since filed another question to deal with it separately as a wishlist item too.

Devin (8basepairs) on 2012-03-29
tags: added: eff https-everywhere profile
removed: adobe flash play video videos
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers