Comment 5 for bug 1839795

Alex Murray (alexmurray) wrote :

Hi Kev,

Not yet - Seth can you please assign one?

Kev, there seem to be a few different issues here - the lock file being able to be controlled by a regular user means they can control the execution of Apport which makes your exploit workable, but I get the feeling that whilst this is clearly an issue, even if we mitigate this there is still the issue that Apport could be made to race against PID reuse anyway and so it seems this is still worthy of its own CVE. I am wondering if it would be sufficient to have Apport NOT set the real process ID when doing the initial drop_privileges() but to instead set the effective user ID only (or perhaps the file-system user ID only here) - then you would not be able to pause it as a regular user (but I am not familiar enough with the rest of Apport to know if this will break other parts of it).

Also we could perhaps try and do some checking when writing out the crash file that the PID which we are writing out still has the same user ID as the one which we originally were called for (and this is already available in the real_pid variable).

I would be keen to get your thoughts on these ideas and perhaps any other thoughts you might have on how best to resolve this.
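A sketch of the second idea above (re-checking, just before the crash file is written, that the process holding real_pid still belongs to the user the report was started for), as an added example that is not Apport's own code; the /proc/<pid>/status layout it parses is the Linux one, and the sample status text is constructed.

```python
import os
import re

# Added example, not Apport code: guard against PID reuse between the time
# Apport is invoked for `real_pid` and the time the report is written.
# /proc/<pid>/status carries a "Uid:" line with real, effective, saved and
# filesystem UIDs; we compare the real UID with the one the report began with.
UID_LINE = re.compile(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", re.MULTILINE)

# Constructed sample: a status file for a process owned by uid 1000.
SAMPLE_STATUS_UID_1000 = "Name:\tcrasher\nState:\tT (stopped)\nPid:\t4242\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"


def parse_status_uids(status_text):
    """Return (real, effective, saved, fs) UIDs from status text, or None."""
    match = UID_LINE.search(status_text)
    if match is None:
        return None
    return tuple(int(field) for field in match.groups())


def owner_matches(status_text, expected_uid):
    """True only when the status text names expected_uid as the real UID."""
    uids = parse_status_uids(status_text)
    return uids is not None and uids[0] == expected_uid


def pid_still_owned_by(pid, expected_uid):
    """Re-read /proc/<pid>/status and compare its real UID with expected_uid.

    A PID that has vanished, an unreadable status file and a UID mismatch all
    return False: the safe outcome is to refuse to write the report rather
    than trust a PID that may now belong to a different process or user.
    """
    try:
        with open(f"/proc/{pid}/status") as status_file:
            return owner_matches(status_file.read(), expected_uid)
    except OSError:
        return False


if __name__ == "__main__":
    # Check this very process against its own UID; prints True on Linux.
    print(pid_still_owned_by(os.getpid(), os.getuid()))
```

The check narrows the window rather than closing it, since the PID could still be recycled between this read and the write; it belongs alongside, not instead of, fixing the lock file ownership.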