UDM doesn't check for confinement before running post-processing commands
Bug #1567960 reported by
Michael Sheldon
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ubuntu-download-manager |
Fix Released
|
Critical
|
Michael Sheldon | ||
Bug Description
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. However this functionality should be restricted to only unconfined applications, but currently isn't. This means that any confined application can make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Related branches
lp:~michael-sheldon/ubuntu-download-manager/fix-1567960
- Tyler Hicks: Approve
- PS Jenkins bot: Needs Fixing (continuous-integration)
- CI Train Bot Account: Pending requested
- Jamie Strandboge: Pending (security) requested
-
Diff: 15 lines (+5/-0)1 file modifiedsrc/downloads/priv/ubuntu/downloads/file_download.cpp (+5/-0)
CVE References
| Changed in ubuntu-download-manager: | |
| status: | New → In Progress |
| importance: | Undecided → Critical |
| assignee: | nobody → Michael Sheldon (michael-sheldon) |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in ubuntu-download-manager: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This is CVE-2016-1579