please use XDG_RUNTIME_DIR instead of /tmp for mir_socket
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mir | Fix Released | High | Alan Griffiths | |
apparmor-easyprof-ubuntu (Ubuntu) | Fix Released | High | Jamie Strandboge | |
Saucy | Won't Fix | High | Jamie Strandboge | |
mir (Ubuntu) | Fix Released | High | Unassigned | |
Bug Description
The security team noticed the following apparmor denial:
[ 86.069189] type=1400 audit(138124306
Discussing this with the mir team, the mir socket is needed by all native GL apps. However, the default location is:
$ ls -l /tmp/mir_socket
srwxr-xr-x 1 phablet phablet 0 Oct 8 09:54 /tmp/mir_socket
This is not a reasonable default for a multiuser system and is not sufficiently defensive on a single user system (eg, a security issue in a non-phablet uid process can read the socket).
It seems that XDG_RUNTIME_DIR would be a reasonable default:
$ set|grep XDG
XDG_RUNTIME_
$ ls -ld /run/user/32011/
drwx------ 5 phablet phablet 140 Oct 8 09:54 /run/user/32011/
It is explicitly set on Ubuntu, is cleaned up on reboot like /tmp and has 700 directory permissions. There is urgency on deciding the proper location because apparmor-
Related branches
- PS Jenkins bot (community): Approve (continuous-integration)
- Robert Ancell: Approve
Diff: 86 lines (+45/-3), 4 files modified:
include/shared/mir/default_configuration.h (+1/-1)
src/server/default_server_configuration.cpp (+2/-2)
src/shared/logging/CMakeLists.txt (+1/-0)
src/shared/logging/default_configuration.cpp (+41/-0)
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Confirmed
Changed in mir:
status: New → Fix Released
importance: Undecided → High
assignee: nobody → Alan Griffiths (alan-griffiths)
no longer affects: mir (Ubuntu Saucy)
Adding apparmor-easyprof-ubuntu task since we need to update apparmor policy for click apps to use the specified socket.
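
The default requested in the bug description, sketched as an added example (this is not Mir's code and not the merged fix): the socket goes under XDG_RUNTIME_DIR only when that directory is a real directory owned by the calling user with no group or other permission bits, as /run/user/32011/ is above. `is_private_dir` and `choose_socket_path` are hypothetical names, and falling back to the old /tmp/mir_socket path when the check fails is an assumption of this sketch.

```cpp
#include <cstdlib>
#include <iostream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper: true when `dir` is a real directory (not a symlink)
// owned by `uid` with no group/other permission bits, e.g. mode 0700.
bool is_private_dir(const std::string& dir, uid_t uid)
{
    struct stat st;
    if (lstat(dir.c_str(), &st) != 0)   // lstat: a symlink is reported as a symlink
        return false;
    if (!S_ISDIR(st.st_mode))
        return false;
    if (st.st_uid != uid)               // must belong to the user running the server
        return false;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

// Hypothetical helper: `runtime_dir` is the value of XDG_RUNTIME_DIR, or
// nullptr when the variable is unset. Returns the socket path to use.
std::string choose_socket_path(const char* runtime_dir, uid_t uid)
{
    // Require an absolute path so the result does not depend on the cwd.
    if (runtime_dir && runtime_dir[0] == '/' && is_private_dir(runtime_dir, uid))
        return std::string(runtime_dir) + "/mir_socket";

    // Assumption of this sketch: keep the legacy location as the fallback.
    return "/tmp/mir_socket";
}

int main()
{
    std::cout << choose_socket_path(std::getenv("XDG_RUNTIME_DIR"), getuid()) << "\n";
    return 0;
}
```

Clients that connect to the socket, and the apparmor policy that allows the connection, have to resolve the same path.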