gnome thumbnailers should have an apparmor profile

Bug #715874 reported by Jamie Strandboge
This bug affects 8 people
Affects                  Status   Importance  Assigned to  Milestone
gnome-desktop3 (Ubuntu)  Triaged  Wishlist    Unassigned
gnome-utils (Ubuntu)     Triaged  Wishlist    Unassigned
totem (Ubuntu)           Triaged  Wishlist    Unassigned

Bug Description

Binary package hint: gnome-control-center

Nautilus normally uses gnome-thumbnail-font to provide font previews, e.g.:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o

If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-thumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.

The same can be said for other thumbnailers. Nautilus also uses totem-video-thumbnail and evince-thumbnailer (evince-thumbnailer has an apparmor profile already). For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for the various image mime-types and updating gnome-desktop to not fall back to gdk-pixbuf on thumbnail script error.
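An illustrative profile of the kind this report proposes, added here as an example and not the profile attached to the bug; the abstractions included and the input/output paths (in particular where nautilus/gnome-desktop places the %o temporary file) are assumptions that must be verified in complain mode against the thumbnailer's real file accesses before enforcing.

```apparmor
# Illustrative profile for /usr/bin/gnome-thumbnail-font (assumed paths).
# Everything not listed is denied by AppArmor, so a thumbnailer exploited
# through a malformed font cannot reach the network, run other programs,
# or write outside the thumbnail output locations granted below.
#include <tunables/global>

/usr/bin/gnome-thumbnail-font {
  #include <abstractions/base>
  #include <abstractions/fonts>

  /usr/bin/gnome-thumbnail-font mr,

  # Input (%u): any font file the user navigates to, read-only.
  # Case-insensitive extensions cover the usual TrueType/OpenType/Type1 names.
  /**.[tT][tT][fF] r,
  /**.[tT][tT][cC] r,
  /**.[oO][tT][fF] r,
  /**.[pP][fF][aAbB] r,
  owner @{HOME}/.fonts/** r,

  # Output (%o): the temporary thumbnail file nautilus/gnome-desktop asks for.
  # Assumed to live under the user's thumbnail cache or /tmp; adjust after
  # checking the denials logged in complain mode.
  owner @{HOME}/.thumbnails/** rw,
  owner @{HOME}/.cache/thumbnails/** rw,
  owner /tmp/** rw,

  # Deliberately not granted: network, capabilities, execution of other
  # binaries, and writes to the rest of the home directory.
  # Load with:  sudo apparmor_parser -r /etc/apparmor.d/usr.bin.gnome-thumbnail-font
  # then use aa-complain and the kernel audit log (syslog or auditd) to find
  # any legitimate path still missing before switching to enforce mode.
}
```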

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Attached is a preliminary profile to achieve this. It was tested with various font files based on http://gfontview.sourceforge.net/features.html as well as with nautilus. It requires more testing before inclusion in Ubuntu. To try it out, copy it to /etc/apparmor.d/usr.bin.gnome-thumbnail-font and then perform:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.gnome-thumbnail-font

Feedback is welcome.

Changed in gnome-control-center (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Wishlist
status: New → In Progress
tags: added: apparmor
summary: - should have apparmor profile for gnome-thumbnail-font
+ gnome thumbnailers should have an apparmor profile
Changed in totem (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
description: updated
Changed in gnome-desktop (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Attached is a preliminary totem abstraction and totem-previewers profile for totem-video-thumbnailer and /usr/bin/totem-audio-preview. To use, put totem.abstraction in /etc/apparmor.d/abstractions/totem and usr.bin.totem-previewers in /etc/apparmor.d/usr.bin.totem-previewers. Then do:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.totem-previewers

It requires more testing before inclusion in Ubuntu, but was tested with ogg audio and flash video thumbnails via nautilus.

Changed in totem (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Changed in gnome-desktop (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
dino99 (9d9) wrote :

Hi Jamie,
I'm ready to test but can't see the attached file in post #1.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

@dino99: I updated the usr.bin.gnome-thumbnail-font profile by attaching a new profile to this bug in comment #5 (also seen on the right of this page).

affects: gnome-control-center (Ubuntu) → gnome-utils (Ubuntu)
affects: gnome-desktop (Ubuntu) → gnome-desktop3 (Ubuntu)
Changed in gnome-utils (Ubuntu):
status: In Progress → Triaged
Changed in totem (Ubuntu):
status: In Progress → Triaged
Changed in gnome-desktop3 (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in gnome-utils (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in totem (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
dino99 (9d9)
tags: added: raring saucy
Revision history for this message
Simon Déziel (sdeziel) wrote :

@Jamie, I've been running with your profile (from comment #5) on Precise for a long time and it works really well. It would be nice to have it shipped enabled by default in future releases. Thanks.

tags: added: bionic disco
tags: removed: raring saucy
tags: added: focal jammy