DBUS API doesn't prevent confined apps from passing paths to files without access
Bug #1456628 reported by
Ken VanDine
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Fix Released
|
Critical
|
Bill Filler | ||
content-hub (Ubuntu) |
Fix Released
|
Critical
|
Ken VanDine | ||
Vivid |
Fix Released
|
Critical
|
Ken VanDine |
Bug Description
The DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Related branches
lp:~ken-vandine/content-hub/lp1456628
- Michael Sheldon (community): Approve
-
Diff: 489 lines (+192/-27)16 files modifiedCMakeLists.txt (+1/-0)
debian/apparmor/content-hub-testability (+15/-0)
debian/content-hub-testability.install (+1/-0)
debian/control (+4/-0)
debian/rules (+4/-0)
debian/tests/aa-check (+41/-0)
debian/tests/control (+3/-0)
src/com/ubuntu/content/CMakeLists.txt (+2/-0)
src/com/ubuntu/content/detail/service.h (+1/-1)
src/com/ubuntu/content/detail/transfer.cpp (+19/-2)
src/com/ubuntu/content/detail/transfer.h (+4/-2)
src/com/ubuntu/content/utils.cpp (+51/-7)
tests/peers/exporter/CMakeLists.txt (+2/-0)
tests/peers/exporter/autoexporter.cpp (+21/-12)
tests/peers/exporter/autoexporter.h (+4/-0)
tests/peers/exporter/exporter.cpp (+19/-3)
lp:~ken-vandine/content-hub/15.04-lp1456628
- Michael Sheldon (community): Approve
-
Diff: 489 lines (+192/-27)16 files modifiedCMakeLists.txt (+1/-0)
debian/apparmor/content-hub-testability (+15/-0)
debian/content-hub-testability.install (+1/-0)
debian/control (+4/-0)
debian/rules (+4/-0)
debian/tests/aa-check (+41/-0)
debian/tests/control (+3/-0)
src/com/ubuntu/content/CMakeLists.txt (+2/-0)
src/com/ubuntu/content/detail/service.h (+1/-1)
src/com/ubuntu/content/detail/transfer.cpp (+19/-2)
src/com/ubuntu/content/detail/transfer.h (+4/-2)
src/com/ubuntu/content/utils.cpp (+51/-7)
tests/peers/exporter/CMakeLists.txt (+2/-0)
tests/peers/exporter/autoexporter.cpp (+21/-12)
tests/peers/exporter/autoexporter.h (+4/-0)
tests/peers/exporter/exporter.cpp (+19/-3)
CVE References
information type: | Private Security → Public Security |
Changed in content-hub (Ubuntu Vivid): | |
assignee: | nobody → Ken VanDine (ken-vandine) |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in content-hub (Ubuntu Vivid): | |
status: | In Progress → Fix Released |
Changed in content-hub (Ubuntu): | |
status: | Fix Released → In Progress |
assignee: | nobody → Ken VanDine (ken-vandine) |
Changed in canonical-devices-system-image: | |
milestone: | none → ww24-2015 |
importance: | Undecided → Critical |
Changed in canonical-devices-system-image: | |
status: | Confirmed → Fix Released |
milestone: | ww24-2015 → ww22-2015 |
To post a comment you must log in.
This is CVE-2015-1327