The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1045986 Title: Ubuntu AppArmor policy is too lenient with shell scripts Status in “apparmor” package in Ubuntu: Fix Released Status in “apport” package in Ubuntu: Fix Released Status in “chromium-browser” package in Ubuntu: Confirmed Status in “cups” package in Ubuntu: Confirmed Status in “dhcp3” package in Ubuntu: Invalid Status in “firefox” package in Ubuntu: Confirmed Status in “isc-dhcp” package in Ubuntu: Fix Released Status in “apparmor” source package in Lucid: Invalid Status in “apport” source package in Lucid: Fix Released Status in “chromium-browser” source package in Lucid: Confirmed Status in “cups” source package in Lucid: Confirmed Status in “dhcp3” source package in Lucid: Fix Released Status in “firefox” source package in Lucid: Confirmed Status in “isc-dhcp” source package in Lucid: Invalid Status in “apparmor” source package in Natty: Won't Fix Status in “apport” source package in Natty: Won't Fix Status in “chromium-browser” source package in Natty: Won't Fix Status in “cups” source package in Natty: Won't Fix Status in “dhcp3” source package in Natty: Invalid Status in “firefox” source package in Natty: Won't Fix Status in “isc-dhcp” source package in Natty: Fix Released Status in “apparmor” source package in Oneiric: Fix Released Status in “apport” source package in Oneiric: Fix Released Status in “chromium-browser” source package in Oneiric: Confirmed Status in “cups” source package in Oneiric: Confirmed Status in “dhcp3” source package in Oneiric: Invalid Status in “firefox” source package in Oneiric: Confirmed Status in “isc-dhcp” source package in Oneiric: Fix Released Status in “apparmor” source package in Precise: Fix Released Status in “apport” source package in Precise: Fix Released Status in “chromium-browser” source package in Precise: Confirmed Status in “cups” source package in Precise: Confirmed Status in “dhcp3” source package in Precise: Invalid Status in “firefox” source package in Precise: Confirmed Status in “isc-dhcp” source package in Precise: Fix Released Status in “apparmor” source package in Quantal: Fix Released Status in “apport” source package in Quantal: Fix Released Status in “chromium-browser” source package in Quantal: Confirmed Status in “cups” source package in Quantal: Confirmed Status in “dhcp3” source package in Quantal: Invalid Status in “firefox” source package in Quantal: Confirmed Status in “isc-dhcp” source package in Quantal: Fix Released Bug description: Dan Rosenberg has blogged about some AppArmor profile weaknesses in Ubuntu: http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html This bug will track the work needed to fix them. This is a continuation of bug #851986, except for PATH and shell scripts. Unfortunately, until we have proper environment filtering support in AppArmor, we will have to employ more bandaids-- specifically, either eliminating Ux/sanitized helper on shell scripts or adjusting those shell scripts to explicitly set their PATH. The good news is that environment filtering is on the AppArmor roadmap, and it something we will be targeting in the future releases. I filed bug #1045985 to more easily track the progress of that work. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1045986/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
