Attached is a proposed fix for the vulnerability (at least the focal version). It connects to more hooks to prevent snaps from:
* requesting the daemon quit
* listing modules
* loading modules
* unloading modules
* kill clients
It also updates some deprecated libsnapd-glib API usage. With this version installed, the "record-exploit.disable-security" command will fail. Other commands that will fail include:
Attached is a proposed fix for the vulnerability (at least the focal version). It connects to more hooks to prevent snaps from:
* requesting the daemon quit
* listing modules
* loading modules
* unloading modules
* kill clients
It also updates some deprecated libsnapd-glib API usage. With this version installed, the "record- exploit. disable- security" command will fail. Other commands that will fail include:
record- exploit. pactl list modules exploit. pactl load-module whatever exploit. pactl unload-module 1 exploit. pactl exit
record-
record-
record-
(there is no pactl command to test killing clients).