felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix access to /tmp using libpam-tmpdir in Debian (#318)

Browse source 
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBitorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
This commit is contained in:
Jose Maldonado 2024-04-28 06:27:39 -04:00 committed by GitHub
parent fc64028097
commit b4e5837bb9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-m-r/qbittorrent
View file

@ -108,6 +108,8 @@ profile qbittorrent @{exec_path} {
owner /tmp/qtsingleapp-qBitto-* rw,
owner /tmp/qtsingleapp-qBitto-*-lockfile rwk,
owner /tmp/tmp* rw,
owner /tmp/user/@{uid}/.qBittorrent/ rw,
owner /tmp/user/@{uid}/.qBittorrent/** rw,
owner @{PROC}/@{pids}/cmdline r,
owner @{PROC}/@{pids}/comm r,