lens-bar-keynavigation periodically writes to /tmp/wut.png
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Unity | Fix Released | Medium | Stephen M. Webb |
5.0 | Fix Released | Medium | Stephen M. Webb |
unity (Ubuntu) | Fix Released | Low | Stephen M. Webb |
Precise | Won't Fix | Low | Stephen M. Webb |
Bug Description
[Impact]
* Style::SquareButton writes a small png to /tmp/wut.png
* If a user creates /tmp/wut.png as a symlink to some file on the system writeable by the owner of the unity process, then he/she can destroy that file.
[Test Case]
* log out
* log in with the upgraded package
* open the terminal application using control-alt-T, ensure the terminal is focused
* invoke the HUD by pressing the Alt key and typing f (the HUD menu selection 'drop down' must appear to trigger the png file write)
* check for presence of "/tmp/wut.png"
[Regression Potential]
* n/a
[Other Info]
* Marc Deslauriers from the security team said it isn't a problem on Ubuntu because we have symlink restrictions (in this case part of the Yama LSM [1]).
* We believe not everyone is necessarily running Yama LSM.
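The failure mode in [Impact], and a write that refuses the symlink, as an added example (not Unity's code; the linked branches only remove lines from DashStyle.cpp). The function names and the scratch directory are hypothetical, and the scenario runs in a private `mkdtemp` directory with constructed file contents.

```cpp
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <unistd.h>

// Pattern from the report: fixed, predictable name opened for writing.
// fopen("w") follows a symlink and truncates whatever it points at.
bool write_fixed_path(const std::string& path, const std::string& data) {
  FILE* f = std::fopen(path.c_str(), "w");
  if (!f) return false;
  bool ok = std::fwrite(data.data(), 1, data.size(), f) == data.size();
  return std::fclose(f) == 0 && ok;
}

// Hardened: O_EXCL fails if the name already exists (a symlink counts),
// O_NOFOLLOW refuses a symlink as the last component, 0600 keeps it private.
bool write_exclusive(const std::string& path, const std::string& data) {
  int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  if (fd < 0) return false;
  bool ok = write(fd, data.data(), data.size()) == (ssize_t)data.size();
  return close(fd) == 0 && ok;
}

// Constructed scenario in a private scratch directory: wut.png is a symlink
// to victim.txt. Returns victim.txt's contents after the chosen writer ran.
std::string victim_after(bool hardened) {
  char dir[] = "/tmp/symlink-demo-XXXXXX";
  if (!mkdtemp(dir)) return "setup failed";
  std::string victim = std::string(dir) + "/victim.txt";
  std::string link = std::string(dir) + "/wut.png";
  if (!write_exclusive(victim, "important") ||
      symlink(victim.c_str(), link.c_str()) != 0) return "setup failed";
  if (hardened) write_exclusive(link, "PNG"); else write_fixed_path(link, "PNG");
  char buf[32];
  FILE* f = std::fopen(victim.c_str(), "r");
  size_t n = f ? std::fread(buf, 1, sizeof buf, f) : 0;
  if (f) std::fclose(f);
  unlink(link.c_str()); unlink(victim.c_str()); rmdir(dir);
  return std::string(buf, n);
}

int main() {
  std::printf("fixed path: victim=\"%s\"\n", victim_after(false).c_str());
  std::printf("hardened:   victim=\"%s\"\n", victim_after(true).c_str());
  return 0;
}
```

For scratch files that must live in a shared directory, `mkstemp()` gives the same exclusive-create behaviour with an unpredictable name.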
Related branches
- PS Jenkins bot (community): Approve (continuous-integration)
- Brandon Schaefer (community): Approve
- Diff: 19 lines (+0/-3), 1 file modified: unity-shared/DashStyle.cpp (+0/-3)
- Brandon Schaefer (community): Approve
- Diff: 19 lines (+0/-3), 1 file modified: plugins/unityshell/src/DashStyle.cpp (+0/-3)
Changed in unity (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Low
Changed in unity:
milestone: none → 7.1.2
status: New → Triaged
importance: Undecided → Medium
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Triaged → In Progress
Changed in unity (Ubuntu Precise):
status: Triaged → In Progress
Changed in unity:
assignee: nobody → Stephen M. Webb (bregma)
Changed in unity (Ubuntu):
assignee: nobody → Stephen M. Webb (bregma)
Changed in unity (Ubuntu Precise):
assignee: nobody → Stephen M. Webb (bregma)
description: updated
tags: added: precise
description: updated
description: updated
description: updated
Changed in unity (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in unity:
milestone: 7.1.2 → 7.1.1
status: Fix Committed → Fix Released
Changed in unity (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in unity (Ubuntu Precise):
status: Fix Released → Triaged
No security impact because of the symlink restrictions in Ubuntu....it's just...bad coding.