Ubuntu
totem package

gnome thumbnailers should have an apparmor profile

Bug #715874 reported by Jamie Strandboge on 2011-02-09
44
This bug affects 7 people
Affects Status Importance Assigned to Milestone
gnome-desktop3 (Ubuntu)
Triaged
Wishlist
Unassigned
gnome-utils (Ubuntu)
Triaged
Wishlist
Unassigned
totem (Ubuntu)
Triaged
Wishlist
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Binary package hint: gnome-control-center

Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o

If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-thumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.

The same can be said for other thumbnailers. Nautilus also uses totem-video-thumbnail and evince-thumbnailer (evince-thumbnailer has an apparmor profile already). For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for the various image mime-types and updating gnome-desktop to not fallback to gdk-pixbuf on thumbnail script error.

See original description
Jamie Strandboge (jdstrand) wrote :

Attached is a preliminary profile to achieve this. It was tested with various font files based on http://gfontview.sourceforge.net/features.html as well as with nautilus. It requires more testing before inclusion in Ubuntu. To try it out, copy it to /etc/apparmor.d/usr.bin.gnome-thumbnail-font and then perform:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.gnome-thumbnail-font

Feedback is welcome.

Changed in gnome-control-center (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Wishlist
status: New → In Progress
tags: added: apparmor
Jamie Strandboge (jdstrand) on 2011-02-09
summary: - should have apparmor profile for gnome-thumbnail-font
+ gnome thumbnailers should have an apparmor profile
Changed in totem (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
description: updated
Changed in gnome-desktop (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Jamie Strandboge (jdstrand) on 2011-02-10
description: updated
Jamie Strandboge (jdstrand) wrote :

Attached is a preliminary totem abstraction and totem-previewers profile for totem-video-thumbnailer and /usr/bin/totem-audio-preview. To use, put totem.abstraction in /etc/apparmor.d/abstractions/totem and usr.bin.totem-previewers in /etc/apparmor.d/usr.bin.totem-previewers. Then do:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.totem-previewers

It requires more testing before inclusion in Ubuntu, but was tested with ogg audio and flash video thumbnails via nautilus.

Changed in totem (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :
Jamie Strandboge (jdstrand) wrote :
Jamie Strandboge (jdstrand) wrote :
Jamie Strandboge (jdstrand) on 2011-02-11
Changed in gnome-desktop (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
dino99 (9d9) wrote :

hi Jamie,
i'm ready to test but cant see the attached file into post #1

Jamie Strandboge (jdstrand) wrote :

@dino99: I updated the usr.bin.gnome-thumbnail-font profile by attaching a new profile to this bug in comment #5 (also seen on the right of this page).

Sebastien Bacher (seb128) on 2011-10-12
affects: gnome-control-center (Ubuntu) → gnome-utils (Ubuntu)
affects: gnome-desktop (Ubuntu) → gnome-desktop3 (Ubuntu)
Jamie Strandboge (jdstrand) on 2012-05-01
Changed in gnome-utils (Ubuntu):
status: In Progress → Triaged
Changed in totem (Ubuntu):
status: In Progress → Triaged
Changed in gnome-desktop3 (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in gnome-utils (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in totem (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
dino99 (9d9) on 2013-04-26
tags: added: raring saucy
Simon Déziel (sdeziel) wrote :

@Jamie, I've been running with your profile (from comment #5) on Precise since a long time and it works really well. It would be nice to have it shipped enabled by default in future releases. Thanks

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers