The conky apport script is not able to be expoited - whilst we can create a ~/.conkyrc specifying to load /etc/shadow say and then create a crash report to try and trigger this to occur:
When say whoopsie-upload-all runs, it either runs as a standard user - who does not have permission to read /etc/shadow - or it could run as root if say triggered by the system administrator - however in this case, since the script has:
conkyrc_path = path.expanduser('~/.conkyrc')
it will try and load /root/.conkyrc not one from the unprivileged user - hence there doesn't appear to be any way to use this to escalate privileges.
The conky apport script is not able to be expoited - whilst we can create a ~/.conkyrc specifying to load /etc/shadow say and then create a crash report to try and trigger this to occur:
echo "lua_load /etc/shadow" >> ~/.conkyrc
cat << EOF > /var/crash/ poc.crash
ProblemType: Crash
ExecutablePath: /poc
Package: conky 123
SourcePackage: conky
ProcStatus:
Pid:1000
Uid:1000
EOF
When say whoopsie-upload-all runs, it either runs as a standard user - who does not have permission to read /etc/shadow - or it could run as root if say triggered by the system administrator - however in this case, since the script has:
conkyrc_path = path.expanduser ('~/.conkyrc' )
it will try and load /root/.conkyrc not one from the unprivileged user - hence there doesn't appear to be any way to use this to escalate privileges.