strict snap can talk to X11 although not plugged (debian 11)

Bug #1981576 reported by A333
Affects: snapd
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

On my Debian 11 system, in a GNOME Wayland session, the thunderbird snap was suddenly using X11 instead of Wayland.

I noticed it because I have an xeyes running and it was reacting to the mouse position when hovering over the thunderbird window (checked with the x11 slot disconnected).

The snap should not have been able to communicate with X11. I think this should not happen. I want to prevent the snaps from accessing X11 and vice versa.
Writing mails should be confidential; also, a compromised x11 snap could probably send email from thunderbird using my credentials.

I already posted this to https://forum.snapcraft.io/t/thunderbird-snap-can-access-x11-although-not-plugged-debian-11/30837 but did not get any replies.

After disconnecting thunderbird from the slot:

$ snap connections thunderbird
...
Interface Plug Slot Notes
wayland thunderbird:wayland :wayland -
x11 thunderbird:x11 - -

Restarting thunderbird or the user session did not change anything. xeyes still gets the input from thunderbird.

Thunderbird is strictly confined, and the installed snap version is: 102.0.1-2 (228) 105MB -

This is inside a gnome wayland user session.

~$ snap version
snap 2.56.2
snapd 2.56.2
series 16
debian 11
kernel 5.10.0-16-amd64

$ snap connections thunderbird
Interface Plug Slot Notes
audio-playback thunderbird:audio-playback :audio-playback -
avahi-observe thunderbird:avahi-observe - -
browser-support thunderbird:browser-sandbox :browser-support -
camera thunderbird:camera - -
content[gnome-3-38-2004] thunderbird:gnome-3-38-2004 gnome-3-38-2004:gnome-3-38-2004 -
content[gtk-3-themes] thunderbird:gtk-3-themes gtk-common-themes:gtk-3-themes -
content[icon-themes] thunderbird:icon-themes gtk-common-themes:icon-themes -
content[sound-themes] thunderbird:sound-themes gtk-common-themes:sound-themes -
cups-control thunderbird:cups-control :cups-control -
desktop thunderbird:desktop :desktop -
desktop-legacy thunderbird:desktop-legacy :desktop-legacy -
gpg-keys thunderbird:gpg-keys - -
gsettings thunderbird:gsettings :gsettings -
home thunderbird:home :home -
network thunderbird:network :network

A333 (agrrr3): information type: Private Security → Public Security
Michael Vogt (mvo): affects: snappy → snapd
A333 (agrrr3) wrote:

Just a note that this is due to the currently partial snap/AppArmor support in Debian (and probably most other non-Ubuntu-based distros).

Missing AF_POSIX mediation capabilities in the kernel. jjohansen said the necessary patches will hopefully be mainlined in kernel 6.7 or 6.8.

$ snap debug confinement
partial
$ snap debug sandbox-features | grep confinement
confinement-options: classic devmode
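The comment above makes the practical point of this report: on a host where `snap debug confinement` prints `partial`, a disconnected `x11` plug in `snap connections` output is not backed by AppArmor mediation, so the "-" in the Slot column is not evidence of isolation. The following POSIX sh script is an added example, not part of the bug report or of snapd; it combines the two outputs shown on this page into a single verdict. The function names `x11_plug_connected` and `x11_isolation_status` are this example's own, the column layout it parses is the one shown in the report, and the sample `snap connections` text is constructed from the report so the script runs without snapd installed.

```shell
#!/bin/sh
# Added example, not part of the bug report: decide whether a disconnected
# x11 plug is actually enforced for a snap. The report shows that on
# Debian 11 "snap debug confinement" prints "partial", so a disconnected
# x11 plug in "snap connections" output is not backed by AppArmor mediation.
# Function names (x11_plug_connected, x11_isolation_status) are this
# example's own, not snapd commands.

# Constructed sample of "snap connections thunderbird" output, copying the
# column layout shown in the report (Interface Plug Slot Notes).
SAMPLE_CONNECTIONS='Interface Plug Slot Notes
wayland thunderbird:wayland :wayland -
x11 thunderbird:x11 - -'

# x11_plug_connected CONNECTIONS_TEXT SNAPNAME
# Exit 0 when SNAPNAME's x11 plug is connected to some slot, 1 otherwise
# (a "-" in the Slot column, or no x11 row at all, counts as disconnected).
x11_plug_connected() {
    printf '%s\n' "$1" | awk -v snap="$2" '
        $1 == "x11" && $2 == (snap ":x11") {
            found = 1
            if ($3 != "-") connected = 1
        }
        END { if (found && connected) exit 0; exit 1 }'
}

# x11_isolation_status CONFINEMENT CONNECTIONS_TEXT SNAPNAME
# Prints one word:
#   connected     - the x11 plug is connected, so X11 access is expected
#   enforced      - plug disconnected and confinement is strict: access denied
#   not-enforced  - plug disconnected but confinement is only partial/classic,
#                   so the snap can still reach the X11 socket (this report)
x11_isolation_status() {
    _confinement=$1
    _connections=$2
    _snap=$3
    if x11_plug_connected "$_connections" "$_snap"; then
        echo connected
    elif [ "$_confinement" = "strict" ]; then
        echo enforced
    else
        echo not-enforced
    fi
}

# On a host with snapd, check the live system for thunderbird; otherwise
# fall back to the constructed sample with "partial" confinement, which
# reproduces the situation described in the report.
if command -v snap >/dev/null 2>&1; then
    live_confinement=$(snap debug confinement 2>/dev/null || true)
    live_connections=$(snap connections thunderbird 2>/dev/null || true)
    echo "live: $(x11_isolation_status "$live_confinement" "$live_connections" thunderbird)"
else
    echo "sample: $(x11_isolation_status partial "$SAMPLE_CONNECTIONS" thunderbird)"
fi
```

With the report's own data (confinement `partial`, x11 slot `-`) the verdict is `not-enforced`; the same connections table on a strict-confinement host yields `enforced`. Note that `connected` is also reported when the plug is wired to a slot, since in that case X11 access is expected rather than a confinement gap.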
