Arbitrary code execution in snapcraft tour
Bug #1634415 reported by
Gianni Tedesco
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snapcraft |
Fix Released
|
High
|
Tim Süberkrüb | ||
Bug Description
Snapcraft tour insecurely downloads arbitrary code and executes it.
The source URLs are all HTTP, snapcraft will just download that, untar it, run commands from inside it, build code from it, and put that code in to the snap. So this exposes both the build host and any host the tour snaps may later be installed on, to arbitrary code execution.
While the functionality itself (insecurely downloading code to run) may have some uses, it's probably an unnecessary level or risk to expose every snapcraft newcomer to.
| information type: | Private Security → Public Security |
Revision history for this message
| Leo Arias (elopio) wrote | #1 |
| Changed in snapcraft: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| tags: | added: security |
Revision history for this message
| Sergio Schvezov (sergiusens) wrote | #2 |
| Changed in snapcraft: | |
| status: | Confirmed → Fix Committed |
| assignee: | nobody → Tim Süberkrüb (tim-sueberkrueb) |
| milestone: | none → 2.31 |
| tags: | added: bitesize |
| Changed in snapcraft: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
We need to switch all our examples to https.