Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Oct 2013 19:50:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: lightdm no longer confines guest
 profile with AppArmor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/22/2013 12:52 PM, Marc Deslauriers wrote:
> Hello,
> 
> Christian Prim discovered that Light Display Manager 1.8.0 and
> later no longer use the appropriate wrapper when launching guest
> sessions, resulting in the session not being confined by AppArmor.
> 
> Bug report: https://bugs.launchpad.net/lightdm/+bug/1243339
> 
> Could a CVE please be assigned to this issue?
> 
> Thanks,
> 
> Marc.
> 

Ok to confirm the app armor profile is applied by default to lightdm
and the guest account, and was meant to prevent guest from touching
/home at all? I just wanna confirm this is a security vuln and not
security hardening.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSZytpAAoJEBYNRVNeJnmTzzoP/iPZWVmyzy+9p5L9hZl8n7yD
dxehTeZ5T+/jCuMPB9NXiNFpErYlmQL0stLsrJ+14dIk1Xd/JUV0+VX0HfUN4P88
ubQ6is4MmCGk3MydK9JMHB8qvOcOMNYjp8F77BrbLzQxOE0v2O3dma2QAkm4dids
xGfvi0ci52jNLrd3we5gfH4TyQ3lvnRpFdglShn95QVSlVK/2D4W8S+pPKI0G9zH
wF7xrmIw2fb4FURznvcTbDkY1W7nwTpssG3o9XWaJDpw1dNyuMVd6YszPolgWXfw
H/xcWZtT5qa2lnHlA7KSfSEcG/ABP8a7uy0RoGrHUvrXEpHZPQQXn42EDU/J9fHp
8x6v9CTZE/MDyMJqgOUl5znYjMtzyMLt8wBS6OBETfHc+lmi8uNr1oilLULGCRXv
aRxTdffaTrTzjSZLKQuMVGPuFK3oZLGwyfjSHXJemQ0ify4O9IB/wB0vy/MC7+o3
nQ1LvM2SXNF32FzWYD+BfynCeNdQGnrGNrI5DyZ45H1UQ9OwTO2rmJtEShcWcNPF
SrBphV9Jr4yANF9KmuyK/hafhDndzBKOq4Puepq1EP0ZeyESrgGmUglncHaJwaf4
n03vT59llDt/2hhx+uBvkDCYq6uvN7ITkYasMnFRhC//mL1tnkCwneGwxBMW0vkv
pxxWV0dGOh8n+YnQos0J
=CuO1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ