[Pkg-anonymity-tools] [torbrowser-launcher] 07/43: torbrowser-launcher must not be allowed to start itself unconfined.
Ulrike Uhlig
u-guest at moszumanska.debian.org
Tue Sep 2 07:19:54 UTC 2014
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch master
in repository torbrowser-launcher.
commit 1908ba48c79aa0133204e6de03d8265dd5d0c341
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 14 16:21:03 2014 +0000
torbrowser-launcher must not be allowed to start itself unconfined.
This is dangerous, as it basically allows that script to escape its
AppArmor sandbox. This also seems to be useless.
---
apparmor/usr.bin.torbrowser-launcher | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher
index e76af4b..1b2c03b 100644
--- a/apparmor/usr.bin.torbrowser-launcher
+++ b/apparmor/usr.bin.torbrowser-launcher
@@ -34,7 +34,7 @@
@{PROC}/uptime r,
/usr/bin/ r,
/usr/bin/{gpg,wmctrl,dirname,expr,file,getconf,id} rix,
- /usr/bin/torbrowser-launcher rux,
+ /usr/bin/torbrowser-launcher r,
/usr/share/file/magic.mgc r,
/usr/share/file/magic/ r,
/usr/share/themes/** r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git
More information about the Pkg-anonymity-tools
mailing list