2013-11-26 20:25:54 |
Jamie Strandboge |
description |
Ubuntu SDK applications that use qtdeclarative5-qtmultimedia-plugin to access the camera create the /run/shm/hybris_shm_data shared memory file. This results in an AppArmor rule like the following:
/{,var/}run/shm/hybris_shm_data rw,
But this rule seems too lenient and breaks application isolation because a malicious app could attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like (pseudocode):
app_pkgname = $APP_ID.split('_')[0]
path = "%s-%s", HYBRIS_SHM_PATH, app_pkgname
shm_open(path, O_RDWR, 0660)
The APP_ID can be obtained from the environment. Reading hooks_shm.c, it is not clear if all apps from the users session are intended to use the same shared memory segment. If so that's the case and if someone explain how a malicious app can't attack /run/shm/hybris_shm_data to affect other apps, then this bug can be marked Invalid. |
Ubuntu SDK applications that use qtdeclarative5-qtmultimedia-plugin to access the camera create the /run/shm/hybris_shm_data shared memory file. This results in an AppArmor rule like the following:
/{,var/}run/shm/hybris_shm_data rw,
But this rule seems too lenient and breaks application isolation because a malicious app could attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like (pseudocode):
app_pkgname = $APP_ID.split('_')[0]
path = "%s-%s", HYBRIS_SHM_PATH, app_pkgname
shm_open(path, O_RDWR, 0660)
The APP_ID can be obtained from the environment. Reading hooks_shm.c, it is not clear if all apps from the users session are intended to use the same shared memory segment. If so that's the case and if someone explain how a malicious app can't attack /run/shm/hybris_shm_data to affect other apps, then this bug can be marked Invalid.
Note: when we moved to gstreamer 1.2 in 13.10, all apps needed this access, not just apps using qtdeclarative5-qtmultimedia-plugin. |
|