pipewire-pulse grants microphone access to snaps without audio-record plugged
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pipewire (Ubuntu) | Fix Released | Undecided | Unassigned | |
wireplumber (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
In Kinetic, pipewire-pulse is used in place of pulseaudio. We had patches in pulseaudio to detect when the client was a snap, and disable access to microphones if the snap didn't have audio-record plugged as described here:
https:/
There doesn't seem to be any equivalent code in pipewire-pulse.
Steps to reproduce:
1. Build the record-exploit snap I put together for this previous bug: https:/
2. Install snap with "snap install --dangerous record-
3. Run "mkdir -p $XDG_RUNTIME_
4. Run "record-
Expected behaviour: the parecord call results in an error.
Observed behaviour: the parecord call records sound from the mic (into /tmp/snap.
Changed in pipewire (Ubuntu):
status: New → Fix Committed
Changed in wireplumber (Ubuntu):
status: New → In Progress
tags: added: patch
This seems like something that deserves a CVE, but I'm not sure what component exactly it would be against.