libhybris should use an app-specific path for shared memory files

Bug #1226569 reported by Jamie Strandboge on 2013-09-17
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libhybris (Ubuntu)
High
Unassigned
Saucy
High
Unassigned
Trusty
High
Unassigned

Bug Description

Ubuntu SDK applications that use qtdeclarative5-qtmultimedia-plugin to access the camera create the /run/shm/hybris_shm_data shared memory file. This results in an AppArmor rule like the following:
  /{,var/}run/shm/hybris_shm_data rw,

But this rule seems too lenient and breaks application isolation because a malicious app could attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like (pseudocode):
  app_pkgname = $APP_ID.split('_')[0]
  path = "%s-%s", HYBRIS_SHM_PATH, app_pkgname
  shm_open(path, O_RDWR, 0660)

The APP_ID can be obtained from the environment. Reading hooks_shm.c, it is not clear if all apps from the users session are intended to use the same shared memory segment. If so that's the case and if someone explain how a malicious app can't attack /run/shm/hybris_shm_data to affect other apps, then this bug can be marked Invalid.

Note: when we moved to gstreamer 1.2 in 13.10, all apps needed this access, not just apps using qtdeclarative5-qtmultimedia-plugin.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libhybris (Ubuntu):
status: New → Confirmed
description: updated
Changed in libhybris (Ubuntu Saucy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers