[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Tags added: focal jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Tags removed: raring saucy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Tags added: bionic disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
@Jamie, I've been running with your profile (from comment #5) on Precise since a long time and it works really well. It would be nice to have it shipped enabled by default in future releases. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Tags added: raring saucy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Changed in: gnome-utils (Ubuntu) Status: In Progress => Triaged ** Changed in: totem (Ubuntu) Status: In Progress => Triaged ** Changed in: gnome-desktop3 (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) ** Changed in: gnome-utils (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) ** Changed in: totem (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Package changed: gnome-control-center (Ubuntu) => gnome-utils (Ubuntu) ** Package changed: gnome-desktop (Ubuntu) => gnome-desktop3 (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/715874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
@dino99: I updated the usr.bin.gnome-thumbnail-font profile by attaching a new profile to this bug in comment #5 (also seen on the right of this page). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
hi Jamie, i'm ready to test but cant see the attached file into post #1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Changed in: gnome-desktop (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Attachment removed: "usr.bin.gnome-thumbnail-font" https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1839899/+files/usr.bin.gnome-thumbnail-font ** Attachment added: "usr.bin.gnome-thumbnail-font" https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841874/+files/usr.bin.gnome-thumbnail-font -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Attachment added: "usr.bin.totem-previewers" https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841794/+files/usr.bin.totem-previewers -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Attachment added: "totem.abstraction" https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841793/+files/totem.abstraction -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
Attached is a preliminary totem abstraction and totem-previewers profile for totem-video-thumbnailer and /usr/bin/totem-audio-preview. To use, put totem.abstraction in /etc/apparmor.d/abstractions/totem and usr.bin.totem-previewers in /etc/apparmor.d/usr.bin.totem-previewers. Then do: $ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.totem-previewers It requires more testing before inclusion in Ubuntu, but was tested with ogg audio and flash video thumbnails via nautilus. ** Changed in: totem (Ubuntu) Status: Triaged => In Progress ** Changed in: totem (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Description changed: Binary package hint: gnome-control-center Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg: $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable true $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command gnome-thumbnail-font %u %o If a flaw is discovered in a font library or Gnome and a user navigates - to a directory that has a malicious font file, gnome-tumbnail-font could - be used to execute arbitrary code, write out to files or leak + to a directory that has a malicious font file, gnome-thumbnail-font + could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack. - nautilus also use totem-video-thumbnail and evince-thumbnailer. evince- - thumbnailer has an apparmor profile already. For images, nautilus uses - gdk-pixbuf routines via gnome-desktop, but these can be altered to use - evince-thumbnailer by installing schema files for these images. + The same can be said for other thumbnailers. Nautilus also uses totem- + video-thumbnail and evince-thumbnailer (evince-thumbnailer has an + apparmor profile already). For images, nautilus uses gdk-pixbuf routines + via gnome-desktop, but these can be altered to use evince-thumbnailer by + installing schema files for the various image mime-types and updating + gnome-desktop to not fallback to gdk-pixbuf on thumbnail script error. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 715874] Re: gnome thumbnailers should have an apparmor profile
** Summary changed: - should have apparmor profile for gnome-thumbnail-font + gnome thumbnailers should have an apparmor profile ** Also affects: totem (Ubuntu) Importance: Undecided Status: New ** Changed in: totem (Ubuntu) Importance: Undecided => Wishlist ** Changed in: totem (Ubuntu) Status: New => Triaged ** Description changed: Binary package hint: gnome-control-center - Nautilus normally uses gnome-thumbnail-font to provide font previews. Eg: + Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg: $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable true $ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command gnome-thumbnail-font %u %o If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-tumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack. + + nautilus also use totem-video-thumbnail and evince-thumbnailer. evince- + thumbnailer has an apparmor profile already. For images, nautilus uses + gdk-pixbuf routines via gnome-desktop, but these can be altered to use + evince-thumbnailer by installing schema files for these images. ** Also affects: gnome-desktop (Ubuntu) Importance: Undecided Status: New ** Changed in: gnome-desktop (Ubuntu) Importance: Undecided => Wishlist ** Changed in: gnome-desktop (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715874 Title: gnome thumbnailers should have an apparmor profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs