Bug#676853: totem: please include AppArmor profile
intrigeri at debian.org
intrigeri at debian.org
Sun Jun 10 00:10:09 UTC 2012
Source: totem
Version: 3.0.1-8
Severity: wishlist
Tags: patch
User: apparmor at packages.debian.org
Usertags: new-profile
thanks
Please include AppArmor profile for totem.
Since it handles untrusted data, and has been affected by a number of
potential security issues in past years relating to its handling of
those, totem seems like an ideal candidate for confining:
https://wiki.debian.org/AppArmor
I have been testing totem for a few months, on a Debian sid system,
with the attached AppArmor profile (FWIW, this profile is mostly the
one that can be found in
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/,
with a few missing rules added). I have not run into any single
problem with it. During that time, I have also been running Totem from
experimental for a while, so I believe newer versions are covered too.
Attached is a patch that adds this AppArmor support to totem.
Please consider applying it.
Note that enforcing AppArmor profiles is currently opt-in: applying
the attached does not change anything for users unless they enable
AppArmor system-wide themselves.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: totem_apparmor_v1.patch
Type: text/x-diff
Size: 6259 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20120610/a4a4bb10/attachment.patch>
More information about the pkg-gnome-maintainers
mailing list