[upstream] mozilla cert8.db and key3.db are denied by apparmor
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
LibreOffice |
Confirmed
|
Medium
|
|||
libreoffice (Ubuntu) |
New
|
Low
|
Unassigned |
Bug Description
libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages.
i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https:/
does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions.
i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords.
i think this pages also can be helpful: https:/
Changed in df-libreoffice: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in libreoffice (Ubuntu): | |
importance: | Undecided → Low |
Description:
When opening a docx,xlsx,pptx file, LibreOffice tries to access my Firefox's certificate store and keychain (as reported by default AppArmor rules provided by Canonical on Ubuntu 18.04)
Said files has no digital signature to check, if it were the case, it would be required to use system's certificate store and/or seahorse's certificate store.
Affected versions are 6.0.3 provided by Canonical and 6.0.6 provided by document foundation launchpad PPA.
There are no visible reasons for LibreOffice to try to read anything from Firefox.
Here are the logs produced by AppArmor when opening such files :
home/Magissia/ .mozilla/ firefox/ mwad0hks. default/ cert8.db" pid=19509 comm="soffice.bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 1.498:70) : apparmor="ALLOWED" operation="open" profile= "libreoffice- soffice" name="/ home/Magissia/ .mozilla/ firefox/ mwad0hks. default/ key3.db" pid=19509 comm="soffice.bin" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 0.018:71) : apparmor="ALLOWED" operation="open" profile= "libreoffice- soffice" name="/ proc/version" pid=19509 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Sep 11 18:25:31 Marshmallow kernel: [18154.693846] audit: type=1400 audit(153668313
Sep 11 18:25:40 Marshmallow kernel: [18163.215743] audit: type=1400 audit(153668314
Steps to Reproduce:
1. Open any docx file created with Microsoft Word 2013 or superior
2. Enjoy invasion of privacy
Actual Results:
LibreOffice tries to read private files that has nothing to do with the document or LibreOffice
Expected Results:
Not reading Firefox's files when opening documents
Reproducible: Always
User Profile Reset: Yes
OpenGL enabled: Yes
Additional Info: 0ubuntu0. 18.04.1
Version: 6.0.6.2
Build ID: 1:6.0.6-
Threads CPU : 2; OS : Linux 4.15; UI Render : par défaut; VCL: gtk3;
Locale : fr-FR (fr_FR.UTF-8); Calc: group