Jeremy,

that would not cover the general access case I was talking about. Please
note, this is not a personal bug that I can't solve. I've modified my
Firefox profile to address these issues as much as I can (as much as
capable but not omnipotent AppArmor can do).

I'm concerned about defaults and communicating the issue to users. I
just think that in this day and age, the (in)security situation is so
severe that we must no longer consider making systems that "even my
grandma can easily use" without also considering a security profile that
"even my grandma should be aware of and tweak it because it's simply
necessary".

The whole point of M in MAC is, after all, to explicitly grant what is
doable in otherwise default-deny context. "@{HOME}/** r" flies in the
face of it (and personally I think "owner" should be added there to,
despite the fact that DAC is consulted first. Least Privilege Policy.).

I'll admit that I don't know how the snaps interface is designed to work
eventually, primarily because it's so new and I haven't had a chance to
check every aspect of it. But, if it will be possible to allow a
restriction like "no random $HOME access except ~/Downloads and
~/Public" with a switch of a checkbox or snap plug, then it's job well
done while balancing usability and security.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662501

Title:
  AppArmor profile for ubuntu-browsers allows too much read access

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1662501/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to