mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles
History
Jamie Strandboge c5968c70d0 abstractions/fonts: don't allow write of fontconfig cache files 
879531b36ec3dfc7f9b72475c68c30e4f4b7b6af changed access for
@{HOME}/.{,cache/}fontconfig/** to include 'w'rite. Fontconfig has been
a source of CVEs. Confined applications should absolutely have read
access, but write access could lead to breaking out of the sandbox if a
confined application can write a malformed font cache file since
unconfined applications could then pick them up and be controlled via
the malformed cache. The breakout is dependent on the fontconfig
vulnerability, but this is the sort of thing AppArmor is meant to help
guard against.
2019-09-09 15:52:40 -05:00
..
apparmor/profiles/extras postfix/master needs to execute postfix/error 2019-06-20 14:37:46 +02:00
apparmor.d abstractions/fonts: don't allow write of fontconfig cache files 2019-09-09 15:52:40 -05:00
Makefile add test to ensure abstractions have '#include if exists <*.d>' 2019-01-27 20:41:28 +01:00