UDM doesn't check for confinement before running post-processing commands
Bug #1567960 reported by Michael Sheldon
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubuntu-download-manager | Fix Released | Critical | Michael Sheldon |
Bug Description
UDM provides support for running commands after a download is completed; this is currently made use of for click package installation. However, this functionality should be restricted to only unconfined applications, but currently isn't. This means that any confined application can make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
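The decision the report describes, as an added example that is not ubuntu-download-manager's own code and not the patch on the linked branch: a hypothetical C++ model in which the AppArmor label of the D-Bus peer that requested the download decides whether its post-download command may be spawned. The names Requester, Download, Spawn, runPostProcessingVulnerable and runPostProcessingFixed, and the sample labels and commands, are assumptions made for the example; the only thing taken from outside the report is AppArmor's convention that a process running without a profile carries the label "unconfined".

```cpp
#include <functional>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical model of the requesting D-Bus peer. The only field that matters
// for this decision is the AppArmor label the service learns from the peer's
// credentials; "unconfined" is what AppArmor reports for a process with no profile.
struct Requester {
    std::string appArmorLabel;
};

// Everything except the literal "unconfined" label is treated as confined,
// including an empty or unrecognised label: if the caller cannot be shown to be
// unconfined, fail closed instead of running its command outside its sandbox.
bool isConfined(const Requester& r) {
    return r.appArmorLabel != "unconfined";
}

// Hypothetical download record: who asked for it and what they asked to run
// afterwards (an empty command means no post-processing was requested).
struct Download {
    Requester requester;
    std::string postProcessCommand;
    std::vector<std::string> args;
};

enum class PostProcessResult { Skipped, Refused, Executed };

// The spawn step is injected so the example never actually executes anything;
// in a real service this is where the child process would be started.
using Spawn = std::function<void(const Download&)>;

// Shape of the logic the bug describes: the command runs for every caller, so a
// confined app can get arbitrary commands run unconfined as the download
// manager's user. Kept only for contrast with the fixed version below.
PostProcessResult runPostProcessingVulnerable(const Download& d, const Spawn& spawn) {
    if (d.postProcessCommand.empty()) return PostProcessResult::Skipped;
    spawn(d);
    return PostProcessResult::Executed;
}

// Fixed shape: the confinement check happens before anything is spawned.
PostProcessResult runPostProcessingFixed(const Download& d, const Spawn& spawn) {
    if (d.postProcessCommand.empty()) return PostProcessResult::Skipped;
    if (isConfined(d.requester)) return PostProcessResult::Refused;
    spawn(d);
    return PostProcessResult::Executed;
}

static const char* describe(PostProcessResult r) {
    switch (r) {
        case PostProcessResult::Skipped:  return "skipped (no command)";
        case PostProcessResult::Refused:  return "refused (caller is confined)";
        case PostProcessResult::Executed: return "executed";
    }
    return "?";
}

int main() {
    // Constructed sample requests: a confined click app, an unconfined caller,
    // and a peer whose label could not be determined.
    const std::vector<Download> requests = {
        {{"com.example.app_app_1.0"}, "click", {"install", "pkg.click"}},
        {{"unconfined"},              "click", {"install", "pkg.click"}},
        {{""},                        "sh",    {"-c", "id"}},
    };
    Spawn logOnly = [](const Download& d) {
        std::cout << "  would spawn: " << d.postProcessCommand << '\n';
    };
    for (const auto& d : requests) {
        std::cout << "label=\"" << d.requester.appArmorLabel << "\"\n";
        std::cout << "  vulnerable: " << describe(runPostProcessingVulnerable(d, logOnly)) << '\n';
        std::cout << "  fixed:      " << describe(runPostProcessingFixed(d, logOnly)) << '\n';
    }
    return 0;
}
```

The point of placing the check inside the post-processing path rather than at the API surface is that it covers every route by which a download with a command attached can reach the spawn step; treating an empty or unexpected label as confined means a peer whose credentials could not be read is refused rather than granted the unconfined behaviour.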
Related branches
lp:~michael-sheldon/ubuntu-download-manager/fix-1567960
- Tyler Hicks: Approve
- PS Jenkins bot: Needs Fixing (continuous-integration)
- CI Train Bot Account: Pending requested
- Jamie Strandboge: Pending (security) requested
Diff: 15 lines (+5/-0), 1 file modified: src/downloads/priv/ubuntu/downloads/file_download.cpp (+5/-0)
CVE References
Changed in ubuntu-download-manager:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Michael Sheldon (michael-sheldon)
information type: Private Security → Public Security
Changed in ubuntu-download-manager:
status: In Progress → Fix Released
This is CVE-2016-1579