libhybris should use an app-specific path for shared memory files

Bug #1226569 reported by Jamie Strandboge
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libhybris (Ubuntu)
Confirmed
High
Unassigned
Saucy
Won't Fix
High
Unassigned
Trusty
Confirmed
High
Unassigned

Bug Description

Ubuntu SDK applications that use qtdeclarative5-qtmultimedia-plugin to access the camera create the /run/shm/hybris_shm_data shared memory file. This results in an AppArmor rule like the following:
  /{,var/}run/shm/hybris_shm_data rw,

But this rule seems too lenient and breaks application isolation because a malicious app could attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like (pseudocode):
  app_pkgname = $APP_ID.split('_')[0]
  path = "%s-%s", HYBRIS_SHM_PATH, app_pkgname
  shm_open(path, O_RDWR, 0660)

The APP_ID can be obtained from the environment. Reading hooks_shm.c, it is not clear if all apps from the users session are intended to use the same shared memory segment. If so that's the case and if someone explain how a malicious app can't attack /run/shm/hybris_shm_data to affect other apps, then this bug can be marked Invalid.

Note: when we moved to gstreamer 1.2 in 13.10, all apps needed this access, not just apps using qtdeclarative5-qtmultimedia-plugin.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libhybris (Ubuntu):
status: New → Confirmed
description: updated
Changed in libhybris (Ubuntu Saucy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.