Comment 4 for bug 1662501

vvhk (vvhk-deactivatedaccount-deactivatedaccount) wrote : Re: AppArmor profile for ubuntu-browsers allows too much read access

Jeremy,

that would not cover the general access case I was talking about. Please note, this is not a personal bug that I can't solve. I've modified my Firefox profile to address these issues as much as I can (as much as the capable but not omnipotent AppArmor can do).

I'm concerned about defaults and communicating the issue to users. I just think that in this day and age, the (in)security situation is so severe that we must no longer consider making systems that "even my grandma can easily use" without also considering a security profile that "even my grandma should be aware of and tweak it because it's simply necessary".

The whole point of the M in MAC is, after all, to explicitly grant what is doable in an otherwise default-deny context. "@{HOME}/** r" flies in the face of it (and personally I think "owner" should be added there too, despite the fact that DAC is consulted first. Least Privilege Policy.).

I'll admit that I don't know how the snap interface is designed to work eventually, primarily because it's so new and I haven't had a chance to check every aspect of it. But, if it will be possible to allow a restriction like "no random $HOME access except ~/Downloads and ~/Public" with the switch of a checkbox or snap plug, then it's a job well done while balancing usability and security.
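For readers unfamiliar with the rule syntax being argued about, here is an added illustration (not the shipped ubuntu-browsers abstraction, not code from the bug reporter, and not a proposed patch) of the permissive rule the comment objects to beside the narrower "owner"-qualified shape it asks for. The directory choices mirror the comment's ~/Downloads and ~/Public wording; the extra deny lines for ~/.ssh and ~/.gnupg are my own addition to show how default-deny can be made explicit and audited.

```apparmor
# Added example of an abstraction fragment to be #included from a browser
# profile; @{HOME} comes from tunables/home. Not the real ubuntu-browsers file.

# Permissive form: every file under the home directory is readable by the
# browser, whoever owns it. This is the rule the comment objects to.
#   @{HOME}/** r,

# Narrower form: nothing under @{HOME} is granted except two directories,
# and "owner" additionally requires the file's owner to match the uid the
# browser runs as, so group- or world-readable files of other users are
# still refused even though DAC would let them through.
owner @{HOME}/Downloads/** rw,
owner @{HOME}/Public/** r,

# Default-deny already covers these, but an explicit, audited deny rule
# wins over any allow rule a later edit might add, and logs every attempt
# so it shows up in the kernel/audit log for review.
audit deny @{HOME}/.ssh/** rwklmx,
audit deny @{HOME}/.gnupg/** rwklmx,
```

After editing a profile, reload it with `sudo apparmor_parser -r /etc/apparmor.d/<profile>` and exercise the browser; any access the new rules refuse appears as an `apparmor="DENIED"` line in the kernel log, which is the quickest way to find legitimate paths (cache, config, plugin directories) that still need an explicit grant.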