On Fri, Nov 8, 2013 at 6:20 AM, Christian Boltz <opensuse(a)cboltz.de> wrote:
I don't know about the exact security risks -
maybe someone from the
security team knows more details.
With an AppArmor profile, you can make sure that acroread only reads
*.pdf files and doesn't read or modify random files on your disk. You
can also forbid networking - but this doesn't sound too useful when you
need to submit a form online ;-)
Anyway, I'll attach my AppArmor profile for acroread. It's not as tight
as it could be (and I'll probably do some changes to it now that I know
acroread won't get security updates anymore), but it's a good start.
Be warned that you will need to change it - for example I'm quite sure
your home directory is not /home/cb/ ;-)
Note: the profile only covers the binary, not the wrapper script.
Security flaws are not judged by whether there're workarounds...
You can have a entry on Release Note mention: ha, something doesn't
work...here's how to get it work. But you can't say: ha...we are
potential targets for...well here's how...
It'll mean: we're insecure by default...that's crazy and insane...of
course almost 90% of network tools' security flaws can be "fixed" by
disconnection from network...I don't wanna look like a troll but
that's an extreme example...
And I don't think a public hearing on a puclic mailing list for
explanations of what those security flaws are or where they're is a
_good_ idea...maybe we can open a _close_ security bug report?
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org