lightdm-guest-session restricts access to /run/pcscd/pcscd.comm
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lightdm (Ubuntu) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
On Ubuntu 14.04 the Apparmor profile for guest account restricts access to /run/pcscd/
PCSC-Lite provides /run/pcscd/
Background information: Estonia has issued over million smartcards to it's citizens which allow authenticating online and digitally signing documents.
Usecases that are broken with current situation:
1. Giving laptop to a friend/
2. Using Estonian ID-card software to sign and encrypt documents using guest account
3. Deploying Ubuntu 14.04 on internet kiosks which should have ability to access e-government services
Security implications:
Enabling access to the UNIX domain socket should not have much implications since to actually use the card it would need to be unlocked using PIN code and that is handled in higher level of the software stack (OpenSC). As guest account requires physical presence it doesn't make any difference if malicious person already knows the PIN. He could just aswell plug the card into his own machine to take advantage of the situation.
As a temporary fix I appended "/run/pcscd/
However I believe modifying upstream policy could blow up in my face at some point in time and as discussed on #ubuntu-hardened currently it is not possible to customize guest session policy via /etc/apparmor.
18:57 < lauri> As I said I don't want to overwrite upstream file. I need to complement it, is it possible?
18:58 < mdeslaur> lauri: unfortunately not as-is, as the lightdm profile doesn't include the local directory
affects: | lightdm → lightdm (Ubuntu) |
Changed in lightdm (Ubuntu): | |
status: | New → Confirmed |
tags: | added: apparmor |
Changed in lightdm (Ubuntu): | |
importance: | Undecided → Medium |