Bug#914370: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc

To: John Johansen <john.johansen@canonical.com>, Didier 'OdyX' Raboud <odyx@debian.org>, debbug@dbwats.plus.com, 914370@bugs.debian.org, apparmor@lists.ubuntu.com
Subject: Bug#914370: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc
From: intrigeri <intrigeri@debian.org>
Date: Sun, 27 Jan 2019 15:01:40 +0100
Message-id: <[🔎] 87a7jmci7v.fsf@manticora>
Reply-to: intrigeri <intrigeri@debian.org>, 914370@bugs.debian.org
In-reply-to: <14648374-6912-5cf3-ce75-b2d18e210985@canonical.com>
References: <154290991927.2844.1890316243615226986.reportbug@debian.dbwats.plus.com> <18373590.LeH7HVQihv@odyx.org> <87lg4pk1o0.fsf@boum.org> <14648374-6912-5cf3-ce75-b2d18e210985@canonical.com> <154290991927.2844.1890316243615226986.reportbug@debian.dbwats.plus.com>

Hi John & others,

John Johansen:
> Policy can be adjusted to include trap profiles that will attach
> to binaries executed out of these directories. The trap profile
> can grant limited to no permissions.
> [...]
> short term: confine users & a trap profile(s) on the /etc/cups dir

I was not able to find any reference to the "trap profile" idea
in our documentation. Could you please point me in the right
direction? Thanks in advance!

Cheers,
-- 
intrigeri

Reply to:

Follow-Ups:
- Bug#914370: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc
  - From: Christian Boltz <debian-bugs@cboltz.de>

Prev by Date: Re: How long until a deleted printer actually vanishes?
Next by Date: Bug#914370: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc
Previous by thread: ghostscript_9.26a~dfsg-0+deb9u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new
Next by thread: Bug#914370: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc
Index(es):
- Date
- Thread