Re: [Tails-ux] Tightening a bit the Evince and Totem AppArmo…

Author: sajolida
Date:  
To: Tails user experience & user interface design
Subject: Re: [Tails-ux] Tightening a bit the Evince and Totem AppArmor policy
intrigeri:
> sajolida wrote (05 Jun 2015 16:51:34 GMT) :
>> intrigeri:
>>> [...]
>>> So, I'd like to tighten this policy a little bit, by adding
>>> a whitelist approach on top of that. How about letting Evince and
>>> Totem read and write any file if, and only if, *all* the following
>>> conditions are met:
>>> [...]
>>> 1. Is there any other commonly used storage directory that should
>>>    be allowed?
>
>> I think that's a good list. It's quite permissive and shouldn't pose big
>> problems.
>
> Cool.
>
>> Here are a few possible additions:
>
>> When using `keyringer open` temporary files are stored in
>> /run/shm/keyringer.amnesia.
>
> That's a directory name, right? If it is, then: is that the *exact*
> directory name that's always used, or is a random-looking suffix added
> to it? If so, then that's probably a security bug (as basically any
> use of a fixed or guessable or bruteforceable filename in
> a world-writable directory).


The unencrypted version is in
/run/shm/keyringer.amnesia/up8yyOS6A6.open.credentials. For more info,
please try for example `keyringer internal open credentials` yourself.

--
sajolida
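
The concern raised in the quoted reply (a fixed or guessable name in a world-writable directory) comes down to whether the program trusts a directory that some other local user may have created first. The following is an added Python example, not part of this thread and not keyringer's code; `claim_private_dir`, `create_secret_file`, `UnsafeDirectory` and the `keyringer.example` name are hypothetical. It accepts a fixed-name directory only after checking its type, owner and mode, and creates the file inside it under an unpredictable name.

```python
import os
import stat
import tempfile


class UnsafeDirectory(Exception):
    """The fixed-name directory exists but cannot be trusted."""


def claim_private_dir(path):
    """Create, or validate, a fixed-name per-user directory.

    Returns path only if it is a real directory owned by the current user
    with no group/other permission bits; raises UnsafeDirectory otherwise.
    """
    try:
        os.mkdir(path, 0o700)  # never follows a symlink, fails if name is taken
    except FileExistsError:
        pass  # someone (maybe us, maybe not) created it first: validate below
    st = os.lstat(path)  # lstat, so a planted symlink is seen as a symlink
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeDirectory(f"{path}: exists but is not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeDirectory(f"{path}: owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        raise UnsafeDirectory(f"{path}: accessible to group or others")
    return path


def create_secret_file(directory, suffix=".open.credentials"):
    """Create a file with an unpredictable name (O_EXCL, mode 0600)."""
    return tempfile.mkstemp(suffix=suffix, dir=claim_private_dir(directory))


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for /run/shm.
    parent = tempfile.mkdtemp()
    fd, name = create_secret_file(os.path.join(parent, "keyringer.example"))
    os.close(fd)
    print("created", name)
```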