if non-system application crash processed in same run as system application crash report, apport re-launches non-system app as root

Bug #445017 reported by Delan Azabani
This bug affects 2 people
Affects: apport (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Martin Pitt

Bug Description

When indicator-applet segfaults, it pops up three successive messages about its crash, (Sorry, x closed unexpectedly), one with "indicator-applet", one with "indicator-applet-something" and one with "Indicator Applet".

The third message, with "Indicator Applet", has a "Restart Program" button. I press that, and it restarts the name applet up the top-right corner, but as root!

Ubuntu Karmic Beta
indicator-applet 0.2.0-0ubuntu1
indicator-messages 0.2.5-0ubuntu1
indicator-session 0.1.6-0ubuntu1
indicator-applet-session 0.2.0-0ubuntu1
libindicate3 0.2.0-0ubuntu1

affects: ubuntu → indicator-applet (Ubuntu)
Ted Gould (ted) wrote :

Can you reproduce this easily?

Delan Azabani (azabani) wrote :

I'm not sure. I can't now because I can't re-add the applet. When in the Add to Panel dialog, the Indicator Applet just adds the other one, a little mail icon to launch Ekiga and Pidgin. I can't re-add the indicator applet with your short UNIX username and the menu.

Ted Gould (ted) wrote : Re: [Bug 445017] Re: When restarting indicator applet after its crash, it launches as root

On Sun, 2009-10-11 at 00:28 +0000, Delan Azabani wrote:
> I'm not sure. I can't now because I can't re-add the applet. When in the
> Add to Panel dialog, the Indicator Applet just adds the other one, a
> little mail icon to launch Ekiga and Pidgin. I can't re-add the
> indicator applet with your short UNIX username and the menu.

There should be an "Indicator Applet" and an "Indicator Applet Session".
The session is the one that you're speaking of.

Kees Cook (kees)
Changed in indicator-applet (Ubuntu):
status: New → Incomplete
Sebastien Bacher (seb128) wrote : Re: When restarting indicator applet after its crash, it launches as root

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and don't hesitate to submit bug reports in the future.

Changed in indicator-applet (Ubuntu):
importance: Undecided → Low
status: Incomplete → Invalid
ChrisLees (christopher-lees) wrote :

I have just come across this bug as well, on a fully up-to-date Lucid. I can't seem to reproduce it with my limited knowledge, but I'm sure a developer could find a way to reproduce it. And I'm sure a knowledgeable attacker could do the same.

Indicator Applet crashes. Apport offers to restart the program; but presumably as Apport runs as root, it starts a new instance of Gnome Panel as root (the name on the top-right corner is 'root', and if you go to Applications > Accessories > Terminal it starts a root terminal).

The original Gnome Panel is still running underneath; if you kill the root instance you will see your user's regular panels again.

This could be regarded as a local privilege escalation attack.

Changed in indicator-applet (Ubuntu):
status: Invalid → Confirmed
Kees Cook (kees)
summary: - When restarting indicator applet after its crash, it launches as root
+ if non-system application crash processed in same run as system
+ application crash report, apport re-launches non-system app as root
Kees Cook (kees) wrote :

I can confirm this -- when apport-gtk runs on finding a system crash, it will also process non-system crashes, resulting in "restart" being done as root. To reproduce:

sudo echo
sudo sleep 1d &
sudo kill -SEGV $!
*wait for apport icon to appear on toolbar*
gcalctool &
kill -SEGV $!
*click on apport icon, gksudo of apport-gtk launches, enter password*

Prompt for restarting gcalctool appears. If you restart, it launches as root.

Seems like apport-gtk should skip non-system crashes when running as root and re-exec itself or something with dropped privs for the non-system crashes.

Changed in indicator-applet (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Kees Cook (kees)
affects: indicator-applet (Ubuntu) → apport (Ubuntu)
Martin Pitt (pitti) wrote :

This can lead to unexpectedly running programs with much higher privileges, bumping priority.

Changed in apport (Ubuntu):
importance: Low → Medium
status: Confirmed → In Progress
importance: Medium → High
Martin Pitt (pitti) wrote :

trunk r1760

Changed in apport (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 1.13.3-0ubuntu1

---------------
apport (1.13.3-0ubuntu1) lucid; urgency=low

  * New upstream bug fix release:
    - data/general-hooks/parse_segv.py: suggest segv-in-kernel possibility.
    - ui.py: When running as root, only show system crash reports, to avoid
      restarting user programs as root. (LP: #445017)
 -- Martin Pitt <email address hidden> Wed, 14 Apr 2010 14:42:28 +0200

Changed in apport (Ubuntu):
status: Fix Committed → Fix Released
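
The changelog entry above ("When running as root, only show system crash reports") comes down to an ownership check on each report before the UI offers to restart anything. The sketch below is an added example, not apport's own code; the names CrashReport, FIRST_USER_UID, reports_before_fix and reports_after_fix, the UID threshold, and the rule that a non-root session sees only its own reports are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import Path

# Assumption: UIDs below this value belong to system accounts (1000 is the
# usual first regular-user UID on Debian/Ubuntu; adjust to local policy).
FIRST_USER_UID = 1000


@dataclass(frozen=True)
class CrashReport:
    path: str
    owner_uid: int  # owner of the report file, i.e. the user whose process crashed


def scan_reports(report_dir):
    """Build CrashReport entries from the *.crash files found in report_dir."""
    return [CrashReport(str(p), p.stat().st_uid)
            for p in sorted(Path(report_dir).glob("*.crash"))]


def reports_before_fix(reports, euid):
    """Behaviour described in this bug: a root session processes every report."""
    if euid == 0:
        return list(reports)
    return [r for r in reports if r.owner_uid == euid]


def reports_after_fix(reports, euid):
    """Reports a UI running with effective UID `euid` may process.

    root: system-owned reports only, so "restart" never runs a user's
    program with root privileges. Non-root: only that user's own reports
    (an assumption of this example).
    """
    if euid == 0:
        return [r for r in reports if r.owner_uid < FIRST_USER_UID]
    return [r for r in reports if r.owner_uid == euid]


# Constructed sample mirroring the reproduction in this report: one crash of a
# root-owned process and one crash of a desktop program run by UID 1000.
SAMPLE = [
    CrashReport("/var/crash/_bin_sleep.0.crash", 0),
    CrashReport("/var/crash/_usr_bin_gcalctool.1000.crash", 1000),
]

if __name__ == "__main__":
    for select in (reports_before_fix, reports_after_fix):
        print(select.__name__, [r.path for r in select(SAMPLE, 0)])
```

With the filter in place, the user's gcalctool report is left for a later run of the UI under the user's own UID, where a restart carries no extra privilege.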