Comment 52 for bug 1620771

Ian Johnson (anonymouse67) wrote :

Hi Markus, please note that the bit of code you are referencing in cmd_run.go is run by the calling user, i.e. when I do

```
snap run hello-world
```

the bit of code in migrateXauthority is run by my user (id 1000), and only after that function completes does privileged code execute, when we exec() snap-confine, which is setuid root. So the things inside snap-confine are running with elevated privilege, and, as Zygmunt pointed out, any file manipulation done inside snap-confine should be properly handled by dropping privileges to user-owned files before manipulating them, etc. But in general I think that we try to do any user-specific things like this XAUTHORITY code you find as the user directly before we execute snap-confine.

We take security very seriously and ensure that the Canonical/Ubuntu security team reviews as many relevant PRs as possible in snapd (including all such PRs which modify snap-confine). In the future, if you are concerned about security vulnerabilities inside snapd, please raise your concerns in a responsible manner by filing either a private security bug for the snapd project, or by emailing security @ ubuntu.com.

Thanks
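The pattern the comment describes, a setuid-root helper that must touch a file owned by the invoking user and therefore drops to that user's real uid before opening it, as an added illustration that is not snapd or snap-confine code and does not reproduce what snap-confine actually does. The function names (`open_as_calling_user`, `demo_privilege_drop`), the temporary directory and the file named `Xauthority` inside it are constructed for the example; the effective-uid swap is a no-op when the binary is not setuid, so the self-check also runs as an ordinary user.

```c
// Added example, not snapd/snap-confine code: open a user-owned file with the
// caller's privileges rather than root's, refuse symlinks, and verify ownership
// after the open so a swapped-in file is not manipulated with elevated privilege.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` as the real (calling) user.
 * Returns an fd on success, -1 on failure with errno set. */
int open_as_calling_user(const char *path, int flags)
{
    uid_t real = getuid(), saved_uid = geteuid();
    gid_t rgid = getgid(), saved_gid = getegid();

    /* Drop: group first, since once euid is non-root we may not be able to
     * change egid any more. A no-op when the process is not setuid. */
    if (setegid(rgid) != 0) return -1;
    if (seteuid(real) != 0) { setegid(saved_gid); return -1; }

    /* O_NOFOLLOW: a symlink planted by the user must not redirect us. */
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    int saved_errno = errno;

    /* Restore the privileged ids before doing anything else. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) { errno = saved_errno; return -1; }

    /* Check the object we actually opened, not the path (avoids a TOCTOU race):
     * it must be a regular file owned by the calling user. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != real) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Self-check on constructed input: a regular file must open, a symlink to it
 * must be refused with ELOOP. Returns 0 on the expected outcome. */
int demo_privilege_drop(void)
{
    char dir[] = "/tmp/privdrop-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char file[64], link[64];
    snprintf(file, sizeof file, "%s/Xauthority", dir);   /* constructed name */
    snprintf(link, sizeof link, "%s/link", dir);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -2;
    close(fd);
    if (symlink(file, link) != 0) return -3;

    int rc = 0;
    fd = open_as_calling_user(file, O_RDONLY);
    if (fd < 0) rc = -4; else close(fd);

    if (rc == 0) {
        int lfd = open_as_calling_user(link, O_RDONLY);
        if (lfd >= 0) { close(lfd); rc = -5; }
        else if (errno != ELOOP) rc = -6;
    }

    unlink(link); unlink(file); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_privilege_drop();
    printf("privilege-drop self-check: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc == 0 ? 0 : 1;
}
```

The ownership check is done with fstat on the descriptor rather than stat on the path, because the user controls the directory and could replace the entry between a path check and the open; the drop to the real uid means that even if the check were wrong, the open itself would only succeed where the user could already open the file.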