Feature #8007

Self-audit our AppArmor profiles

Added by intrigeri 2014-10-05 07:13:00 . Updated 2015-06-04 16:08:57 .

Status:
Resolved
Priority:
Elevated
Assignee:
Category:
Target version:
Tails_1.4.1
Start date:
Due date:
% Done:

100%

Feature Branch:
bugfix/8007-AppArmor-hardening
Type of work:
Audit
Blueprint:

https://tails.boum.org/blueprint/audit_AppArmor_profiles/

Starter:
Affected tool:
Deliverable for:

Description

Let’s audit the AppArmor profiles we ship. Once we’ve done that ourselves and fixed the worst problems, we can ask other people to audit them.

Subtasks

Related issues

Related to Tails - Feature #8004: Basic AppArmor support Resolved 2014-10-05
Related to Tails - Bug #9370: tor-browser wrapper script offers avenues for arbitrary code execution to e.g. an exploited Pidgin Resolved 2015-05-11
Related to Tails - Bug #9534: Tighten AppArmor policy Resolved 2015-06-04

History

#1 Updated by intrigeri 2014-10-06 03:32:23

  • Description updated

#2 Updated by intrigeri 2014-10-06 05:27:21

#3 Updated by intrigeri 2015-01-16 14:52:49

  • Description updated

#4 Updated by intrigeri 2015-01-27 08:48:48

  • Description updated

#5 Updated by intrigeri 2015-01-27 08:50:19

  • Description updated

#6 Updated by intrigeri 2015-02-10 16:51:33

As part of this review, I’ll add comments wherever I feel it’s needed in the patches we apply to AppArmor profiles.

#7 Updated by intrigeri 2015-02-22 22:57:25

  • Priority changed from Normal to Elevated
  • Target version changed from Tails_1.3 to Tails_1.3.2

Clearly, I won’t make it in time for 1.3 => postponing, and thus raising priority. Meh.

#8 Updated by intrigeri 2015-03-29 15:43:16

  • Target version changed from Tails_1.3.2 to Tails_1.4

#9 Updated by intrigeri 2015-04-09 12:01:43

  • Description updated
  • Blueprint set to https://tails.boum.org/blueprint/audit_AppArmor_profiles/

(Moved useful bits from ticket desc. to the blueprint.)

#10 Updated by intrigeri 2015-04-09 13:15:54

  • Status changed from Confirmed to In Progress

#11 Updated by intrigeri 2015-04-27 04:42:26

  • Feature Branch set to bugfix/8007-AppArmor-hardening

#12 Updated by intrigeri 2015-05-02 05:24:44

  • % Done changed from 0 to 10

#13 Updated by intrigeri 2015-05-02 05:25:24

  • Description updated

#14 Updated by intrigeri 2015-05-11 11:46:05

  • related to Bug #9370: tor-browser wrapper script offers avenues for arbitrary code execution to e.g. an exploited Pidgin added

#15 Updated by intrigeri 2015-05-11 14:30:34

  • Target version changed from Tails_1.4 to Tails_1.4.1

The first issue that was discovered through this work (Bug #9370) was merged for 1.4. Postponing the rest again.

#16 Updated by intrigeri 2015-06-04 16:03:15

  • related to Bug #9533: Tighten Evince AppArmor policy added

#17 Updated by intrigeri 2015-06-04 16:05:52

  • related to deleted (Bug #9533: Tighten Evince AppArmor policy)

#18 Updated by intrigeri 2015-06-04 16:06:00

  • related to Bug #9534: Tighten AppArmor policy added

#19 Updated by intrigeri 2015-06-04 16:08:57

  • Status changed from In Progress to Resolved
  • Assignee deleted (intrigeri)
  • % Done changed from 10 to 100

I’m now done with everything I wanted to check. Audit results are on the blueprint, and follow-ups go to Bug #9534.