| 2013-08-12 15:46:01 |
Marc Deslauriers |
bug |
|
|
added bug |
| 2013-08-12 15:47:39 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Saucy |
|
| 2013-08-12 15:47:39 |
Jamie Strandboge |
bug task added |
|
pulseaudio (Ubuntu Saucy) |
|
| 2013-08-12 15:47:47 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): importance |
Undecided |
Critical |
|
| 2013-08-12 15:48:04 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): status |
New |
Confirmed |
|
| 2013-08-12 15:48:22 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): milestone |
|
ubuntu-13.10 |
|
| 2013-08-20 13:32:41 |
Rajiv Shah |
bug task added |
|
pulseaudio |
|
| 2013-09-20 02:37:15 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/apparmor-easyprof-ubuntu |
|
| 2013-09-25 18:38:58 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu) |
|
| 2013-09-25 18:40:40 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu Saucy): importance |
Undecided |
Critical |
|
| 2013-09-25 18:40:40 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu Saucy): status |
New |
Fix Released |
|
| 2013-09-25 18:40:40 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu Saucy): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2013-09-25 18:40:53 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): status |
Confirmed |
Won't Fix |
|
| 2013-09-25 18:41:00 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): milestone |
ubuntu-13.10 |
|
|
| 2013-09-30 17:42:53 |
Jamie Strandboge |
nominated for series |
|
Ubuntu T-series |
|
| 2013-09-30 17:42:53 |
Jamie Strandboge |
bug task added |
|
pulseaudio (Ubuntu T-series) |
|
| 2013-09-30 17:42:53 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu T-series) |
|
| 2013-09-30 17:43:04 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): importance |
Critical |
Undecided |
|
| 2013-09-30 17:43:08 |
Jamie Strandboge |
pulseaudio (Ubuntu T-series): importance |
Undecided |
Medium |
|
| 2013-09-30 17:43:23 |
Jamie Strandboge |
pulseaudio (Ubuntu): importance |
Critical |
Medium |
|
| 2013-09-30 17:43:39 |
Jamie Strandboge |
pulseaudio (Ubuntu T-series): status |
New |
Confirmed |
|
| 2013-09-30 17:43:51 |
Jamie Strandboge |
pulseaudio (Ubuntu): milestone |
ubuntu-13.10 |
|
|
| 2013-09-30 17:44:19 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu T-series): status |
New |
Confirmed |
|
| 2013-10-05 00:18:38 |
Tyler Hicks |
bug task added |
|
apparmor (Ubuntu) |
|
| 2013-10-05 00:21:08 |
Tyler Hicks |
apparmor (Ubuntu Saucy): importance |
Undecided |
Medium |
|
| 2013-10-05 00:21:08 |
Tyler Hicks |
apparmor (Ubuntu Saucy): status |
New |
Confirmed |
|
| 2013-10-05 00:21:08 |
Tyler Hicks |
apparmor (Ubuntu Saucy): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2013-10-05 00:21:38 |
Tyler Hicks |
apparmor (Ubuntu T-series): importance |
Undecided |
Medium |
|
| 2013-10-05 00:21:38 |
Tyler Hicks |
apparmor (Ubuntu T-series): status |
New |
Confirmed |
|
| 2013-10-08 19:05:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/apparmor |
|
| 2013-10-08 19:47:39 |
Launchpad Janitor |
apparmor (Ubuntu Saucy): status |
Confirmed |
Fix Released |
|
| 2013-10-08 19:59:35 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor |
|
| 2013-10-11 16:45:27 |
Jamie Strandboge |
apparmor (Ubuntu T-series): status |
Confirmed |
Fix Released |
|
| 2013-10-11 16:45:41 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu T-series): status |
Confirmed |
Fix Released |
|
| 2013-10-11 16:57:20 |
Jamie Strandboge |
description |
Confined applications need access to the pulseaudio socket.
Unfortunately, this allows them to perform dangerous operations, such as load a module from an arbitrary path.
It also allows them to enumerate installed applications by listing clients.
The Pulseaudio daemon should verify if an application is confined, and if so, restrict access to certain commands.
If module loading cannot be disabled for confined applications, perhaps it could be modified to only load modules from trusted system locations. |
Confined applications need access to the pulseaudio socket. Currently several sockets are available to apps, and some allow performing dangerous operations, such as loading a module from an arbitrary path.
It also allows them to enumerate installed applications by listing clients.
The Pulseaudio daemon should verify if an application is confined, and if so, restrict access to certain commands.
If module loading cannot be disabled for confined applications, perhaps it could be modified to only load modules from trusted system locations. |
|
| 2014-02-12 14:11:58 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
| 2014-10-08 16:29:56 |
Jamie Strandboge |
pulseaudio (Ubuntu Trusty): status |
Confirmed |
Won't Fix |
|
