snaps using home interface have full access to SNAP_USER_DATA of other snaps

Bug #1575914 reported by Jamie Strandboge
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Snappy | Fix Released | High | Jamie Strandboge | |
| snapd (Ubuntu) | Fix Released | High | Unassigned | |
| Xenial | Fix Released | High | Unassigned | |
| Yakkety | Fix Released | High | Unassigned | |

Bug Description

When SNAP_USER_DATA changed to be $HOME/snap from $HOME/snaps, the corresponding change was not made to the home interface security policy, resulting in snaps using the home interface having full access to SNAP_USER_DATA of other snaps.

Tags: apparmor
Changed in snapd (Ubuntu Xenial):
status: New → Triaged
Changed in snapd (Ubuntu Yakkety):
status: New → Triaged
Changed in snapd (Ubuntu Xenial):
importance: Undecided → High
Changed in snapd (Ubuntu Yakkety):
importance: Undecided → High
tags: added: apparmor
Jamie Strandboge (jdstrand) wrote :

This is fixed in https://github.com/ubuntu-core/snappy/pull/1088, which was just merged.

Changed in snappy:
status: In Progress → Fix Committed
Leo Arias (elopio) wrote :

This needs a regression user test. I'll add it to the TODO so we don't forget.

Changed in snappy:
status: Fix Committed → Fix Released
Changed in snapd (Ubuntu Yakkety):
status: Triaged → Fix Released
Changed in snapd (Ubuntu Xenial):
status: Triaged → Fix Released
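
The failure mode in the bug description, written as the kind of regression check requested above. This is an added example, not part of the original report and not snapd's code. The rule lists are hypothetical (an exclusion list keyed to the data directory name, evaluated with a simplified subset of AppArmor globbing), and the home directory, snap name and probe paths are constructed.

```python
import re

HOME = "/home/user"  # constructed sample home directory

def aa_glob_to_regex(glob, home=HOME):
    """Compile a simplified subset of AppArmor globbing: @{HOME}, **, *, ?, [..]."""
    glob = glob.replace("@{HOME}", home)
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2            # '**' may cross '/' boundaries
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1         # '*' stays inside one component
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        elif glob[i] == "[":
            end = glob.index("]", i)
            out.append(glob[i:end + 1]); i = end + 1   # [^x] carries over as-is
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def allowed(rules, path):
    """True if any allow rule matches the path (this model has no deny rules)."""
    return any(aa_glob_to_regex(r).match(path) for r in rules)

# Hypothetical allow-lists: "everything non-hidden in $HOME except the snap data dir".
COMMON = ["@{HOME}/[^s.]**", "@{HOME}/s[^n]**", "@{HOME}/sn[^a]**", "@{HOME}/sna[^p]**"]
STALE = COMMON + ["@{HOME}/snap[^s]**", "@{HOME}/snaps[^/]**"]   # excludes $HOME/snaps
UPDATED = COMMON + ["@{HOME}/snap[^/]**"]                        # excludes $HOME/snap

def leaked(rules, data_dir, other_snap="other-snap"):
    """Paths under another snap's user data that the rule set still permits."""
    probes = [f"{HOME}/{data_dir}/{other_snap}/1/secret.txt",
              f"{HOME}/{data_dir}/{other_snap}/common/token"]
    return [p for p in probes if allowed(rules, p)]

if __name__ == "__main__":
    print("stale policy, data in ~/snap:  ", leaked(STALE, "snap"))
    print("updated policy, data in ~/snap:", leaked(UPDATED, "snap"))
```

The stale list still protects the old `$HOME/snaps` location, which is why a policy check written against the old path would keep passing after the rename.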
This report contains Public Security information  
Everyone can see this security related information.
