[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#975951: libreoffice tries to access files of firefox profiles (AppArmor)

Hi,

On Fri, Nov 27, 2020 at 04:48:22PM +0100, Rene Engelhard wrote:
> 16:41 < _rene_> is there any plan to be able to use /.pki/nssdb? (see
> https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX)
> 16:41 < _rene_> instead of the mozilla profile?
> 16:42 -!- hallnknight
> [~hallnknig@2401:4900:3b30:951d:983d:6f8:9c88:2aef] has joined
> #libreoffice-dev
> 16:42 < _rene_> (context:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975951 and
> https://bugs.documentfoundation.org/show_bug.cgi?id=119811)
> 16:42 < IZBot> bug 119811: LibreOffice-LibreOffice normal/medium NEW
> LibreOffice 6.0.6 spies on my Firefox keychain when opening MS documents
> 16:43 < mst___> _rene_, if there's some UI for users to add their certs
> to that location then sure
> 16:44 < _rene_> one can do so without a UI? not everything needs a UI?
> 16:44 < _rene_> at least make it honour that path in addition
> 16:45 < _rene_> mst___: users nowadays also don't use firefox :)
16:48 <@thorsten> _rene_: thought nss can only use one path?
16:49 < _rene_> no idea, can't one initialize nss two times and use one instance for firefox and the other for that one?
16:49 < _rene_> I mean, there must be more application not relying only on firefox?
16:50 <@thorsten> we had similar issues with thunderbird vs. firefox cert stores,
16:50 < _rene_> mmh
16:50 <@thorsten> IIRC the suggestion was for users to set the proper env var,
16:50 <@thorsten> and we're off the hook?
16:50 <@vmiklos> or just set their preferred path in LO, using tools -> options
16:51 < _rene_> but MOZILLA_CERTIFICATE_FOLDER if you mean that will expect a firefox profile and not work with ~/.pki/nssdb, will it?
16:52 <@vmiklos> you would have to check, possibly both just contain files like certX.db and keyY.db, so perhaps works out of the box
16:52 -!- OlegShtch [~Thunderbi@37.112.63.140] has joined #libreoffice-dev
16:52 < _rene_> ah, right, there's the "Options", didn't know
16:54 < _rene_> ok, related to this:
16:54 < _rene_> why does LO request w permissions?
16:54 < _rene_> r should simply suffice, shouldn't it?
16:55 < _rene_> or is this nss actually opening it? (I guess so...)
16:56 -!- hallnknight [~hallnknig@2401:4900:3b30:951d:983d:6f8:9c88:2aef] has quit [Ping timeout: 264 seconds]
16:56 -!- sberg [~sberg@dynamic-077-003-206-224.77.3.pool.telefonica.de] has quit [Quit: Leaving]
16:56 <@vmiklos> i guess ideally it should be read-only, right.
16:56 -!- hallnknight [~hallnknig@223.187.154.213] has joined #libreoffice-dev
16:57  * _rene_ writes that into https://bugs.documentfoundation.org/show_bug.cgi?id=119811
16:57 < IZBot> bug 119811: LibreOffice-LibreOffice normal/medium NEW LibreOffice 6.0.6 spies on my Firefox keychain when opening MS documents
16:57 < _rene_> (with the chat here cut'n'pasted)

So one can set ~/.pki/nssdb oneself (but then the apparmor profile should probably be adapted), but
the default will not change in LO (see above).

Regards,
 
Rene
Reply to: