[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
Could we eventually use xdg-desktop-portal? https://bugzilla.mozilla.org/show_bug.cgi?id=1490186 ** Bug watch added: Mozilla Bugzilla #1490186 https://bugzilla.mozilla.org/show_bug.cgi?id=1490186 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
Hmmm, interesting! I wouldn't hold out too long on giving the friendly tools smarts vis-a-vis conditionals, since that kind of logic isn't necessarily straightforward (i.e. can be hard/time-consuming to implement), it's not necessary for power/paranoid users (we're happy resorting to a text editor), and even low-skill users are better served by a debconf prompt anyway. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
On Sun, Jul 29, 2018 at 11:35:58PM -, Daniel Richard G. wrote: > I think we could really use some kind of conditional construct (IF ... > THEN ...) in AppArmor syntax. Everything being talking about here apparmor_parser does in fact have conditionals of exactly this form. They aren't documented -- or used -- because the friendly tools don't yet know how to parse the contents, or suggest changing the value of the booleans in response to events in the logs. Some Day. :) Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
I think we could really use some kind of conditional construct (IF ... THEN ...) in AppArmor syntax. Everything being talking about here should, ideally, be adjustable using tunables. With a debconf configuration option, even. Between users who want strict access control to user files, and users who don't know "how to computer," there's no way we're going to get agreement on a default configuration that satisfies the former. The best outcome, then, is to make tightening up the access easy, and editing lines in the guts of profile and abstraction files IMO does not measure up to that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
Hello. I think that the default Firefox profile can be made more restrictive, stricter. It's pretty simple and can be done by removing a few default rules (mentioned in bug report by Vlad K., for example) etc. Anyway, here are some ideas (based on testing made in the past). As an example, we can specify, mentions the rules that makes browsing directories works. My tests made in the past, showed that Firefox needs an access only to '/dev/' directory - not the whole and everything in '/**/' folders! The same thing with rules providing an access to documentation and other files (default rule: '/usr/** r,'). In my testings, Firefox needed an access to '/usr/share/{glib-2.0,hunspell}/' folders only! Not everything under '/usr/'. If it's about '/etc/apparmor.d/abstractions/ubuntu-browsers.d/user- files' file and rules to access everything in User home folder: by default, Firefox profile contains rules that allows downloads to '~/Downloads' and uploads from '~/Public' folders, right? Because, there is also one rule related to the 'user-files' file: '' an access is unrestricted. Changing/removing rules in the 'user-files' file and adding rules that allows User to save files only in '~/Downloads' folder seems to fix such issue - unrestricted access etc. The same thing with unnecessary - in my opinion - rules mentioned above '/**/' and '/usr' and so on. Additionally, there can be added a '' rule to deny access to sensitive files and to provide a special attention to (potentially) executable files. (However, during testings appeared a few "DENIED" entries in the logs files and additional rules were needed.) And that's not everything. For example, Users who don't use printers doesn't need '' rule, right? There are many rules in default Firefox profile that can be changed/removed etc. (Personally, I'm using profile created from scratch, with more stricter policy). By the way: it seems that with every next Firefox release, a new rules needs to be added. It's happens very often. The latest Firefox version, caused several problems: no menu bar, main window resize, errors with tab, no website could be enabled by clicking on a bookmarks labels etc. Really, the v60 version caused many issues, that required a few new rules. Here are bug report: ● https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600 I hope, that it will help someone to fix problems, that may appear after Firefox upgrade to the 60.0 version. Thanks, best regards. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
I have created simialr bug in https://bugs.launchpad.net/firefox/+bug/1609439 . It's confusing having too (or more?) Firefoxes in launchpad... My original issue was that usr.bin.firefox contains kinda.. misinformation, if I may, with rules like: owner @{HOME}/Downloads/* rw, while included user-files profile allows all home access (except some denies of course), making this mentioned rule redundant. Anyway, I agree that profile could be stricter, although question arises, will I be able to suggest it for my not-that-savvy friends of mine, if they would be able to download only to the Downloads, and upload only from, let's say Home maybe (and Downloads and Pubic...)? What a bout cat pics placed anywhere within home or mounted drive or whatever? :) . About user-files: there is /etc/apparmor.d/abstractions/private-files so maybe it could be improved and used as main deny list, alternative to /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
Jamie, thanks for the elaborate explanation and directing the issue where it matters. I'd just like to comment on switching the issue to "firefox" package and "the firefox profile can be adjusted to remove the user-files abstraction ..." Removal of "user-files" abstraction would weaken the security because user-files contains explicit DENY rules for ~/.ssh and kde|gnome wallets, as well as ~/.gpg (!!). While that would, in turn, also imply removal of "@{HOME}/** r" ruleset, and thus imply no access to files in user's HOME directory at all, it would compound with default Firefox' policy of "/**/ r," which would then allow at least listing of all user files. The user-files abstraction is important. It protects known sensitive files, but it should also deny all access to anything but ~/Downloads and/or ~/Public. With a few comments with which the user can be directed to easily re-enable full @{HOME} access if she or he so desires. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict
Clarification re snaps and the 'home' interface> the 'home' interface does not grant access to toplevel hidden files and directories. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs