[Pkg-anonymity-tools] [torbrowser-launcher] 24/43: AppArmor: allow Firefox to read processes and tasks' stats.

Ulrike Uhlig u-guest at moszumanska.debian.org
Tue Sep 2 07:19:56 UTC 2014


This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch master
in repository torbrowser-launcher.

commit 6446ab62d817b431d586c351bd984450aedec23c
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Aug 14 17:25:54 2014 +0000

    AppArmor: allow Firefox to read processes and tasks' stats.
    
    This partially reverts commit 04b24660, that made the opposite change for
    reasons that are unknown to me.
    
    stat files are used in the JiffiesSinceBoot function
    (xpcom/ds/TimeStamp_posix.cpp), which is used to compute process lifetime.
    The consequences of blocking this access are unclear to me: it might plug issues
    wrt. anonymity that the Tor Browser team would have missed (ask them?), but it
    can as well introduce security issues by forcing Firefox to downgrade to worse
    sources of information. If crypto is in play there, we would be playing
    a dangerous game by blocking Firefox from accessing this information.
---
 apparmor/torbrowser.Browser.firefox | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 41b1a71..da90762 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -21,16 +21,15 @@
   deny /etc/group r,
   deny /etc/mailcap r,
 
-  deny @{PROC}/[0-9]*/stat r,
   deny @{PROC}/[0-9]*/mountinfo r,
   deny @{PROC}/[0-9]*/task/** r,
   deny @{PROC}/[0-9]*/fd/ r,
-  deny @{PROC}/[0-9]*/stat r,
-  deny @{PROC}/[0-9]*/task/*/stat r,
 
   deny /etc/machine-id r,
   deny /var/lib/dbus/machine-id r,
 
+  @{PROC}/[0-9]*/stat r,
+  @{PROC}/[0-9]*/task/*/stat r,
   @{PROC}/sys/kernel/random/uuid r,
 
   ## Missing in <abstractions/user-download> #######
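
Review bot: The added "@{PROC}/[0-9]*/task/*/stat r," rule will have no effect, because the unchanged context line "deny @{PROC}/[0-9]*/task/** r," still matches task/*/stat and AppArmor deny rules take precedence over allow rules. Only the per-process "@{PROC}/[0-9]*/stat r," rule actually becomes effective with this hunk. Either narrow the remaining task/** deny so it no longer covers the stat files, or drop the task/*/stat allow line so the profile does not suggest an access it does not grant. Also, "[0-9]*" matches every PID, while the commit message only justifies reading stat to compute process lifetime, so consider prefixing both new rules with the "owner" qualifier to avoid exposing stat data of other users' processes.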

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git


