Comment 5 for bug 1901572

itszn (itszn) wrote :

First, I don't totally know where the LD_LIBRARY_PATH is being messed up, so I included snapcraft and snapd. Feel free to remove one or the other if not relevant.

Second, the attack vector here is that the user downloads something from the internet (let's say fantastic_4.tar.gz), then uses a snap inside the downloaded directory. The malicious directory/libc could then gain code execution. Normally, running a program in an attacker-controlled directory should not result in attacker code execution, and would be considered a bad security vulnerability (i.e. exploiting vlc on its own).

I agree that the code shipped with the snap and the user doing this to themselves is not a security concern, but most people download files and that's where the danger is.

There are a lot of scenarios you could picture: vlc in a downloaded movie archive, code editor in a malicious source repo, chromium run by something like npm source watch, ghex being run on a suspicious binary to decide if it is malicious, docker building a docker image, etc.

In each example the user is running a snap in a potentially downloaded directory, which results in code execution that normally would not have happened if they had installed the app without snap.

This is not a great look for snap if this is not fixed.
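The comment describes a library search path that ends up including the directory the snap is started from. The script below is an added defensive audit, not code from the reporter, snapd or snapcraft: it flags the LD_LIBRARY_PATH entries that make this possible (an empty entry, which the dynamic loader treats as the current working directory; a relative entry; or a group/world-writable directory) and shows, on a constructed unpacked-download directory containing a planted `libc.so.6`, which file a left-to-right search would pick. The `/opt/example-app/lib` entry and the planted file are constructed for the demo; the exact entry snapd or snapcraft adds is not stated in the report and is an assumption here.

```python
import os
import stat
import tempfile


def audit_ld_library_path(value):
    """Return (entry, reason) findings for LD_LIBRARY_PATH entries that let an
    untrusted directory supply a library.

    A zero-length entry (leading, trailing or doubled colon) is documented in
    ld.so(8) as meaning the current working directory; a relative entry is
    resolved against wherever the program is started; a writable directory
    can be seeded by anyone with write access to it.
    """
    findings = []
    for entry in value.split(":"):
        if entry == "":
            findings.append((entry, "empty entry resolves to the current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative entry resolves against the current directory"))
        elif os.path.isdir(entry):
            mode = os.stat(entry).st_mode
            writable = mode & (stat.S_IWGRP | stat.S_IWOTH)
            if writable and not mode & stat.S_ISVTX:
                findings.append((entry, "directory is group/world writable"))
    return findings


def resolve_first(value, soname, cwd):
    """Path the loader would pick for `soname` when walking LD_LIBRARY_PATH
    left to right from `cwd`, or None.  Only the LD_LIBRARY_PATH stage is
    modelled; ld.so.cache and the default directories come after it."""
    for entry in value.split(":"):
        base = cwd if entry == "" else os.path.join(cwd, entry)
        candidate = os.path.join(base, soname)
        if os.path.isfile(candidate):
            return os.path.normpath(candidate)
    return None


def demo():
    """Constructed scenario: an unpacked download carrying its own libc.so.6.

    Returns the audit findings and whether the planted file would be chosen
    when the program is started from inside the download directory."""
    with tempfile.TemporaryDirectory() as download:
        planted = os.path.join(download, "libc.so.6")
        with open(planted, "w") as fh:
            fh.write("constructed placeholder, not a real library\n")
        os.chmod(download, 0o777)  # sloppy extraction: anyone can write here
        # Constructed path: a non-existent app dir, an empty entry (trailing
        # effect of the double colon), then the writable download dir itself.
        path = "/opt/example-app/lib::" + download
        return {
            "findings": audit_ld_library_path(path),
            "picked_planted": resolve_first(path, "libc.so.6", cwd=download) == planted,
        }


if __name__ == "__main__":
    for entry, reason in audit_ld_library_path(os.environ.get("LD_LIBRARY_PATH", "")):
        print(f"LD_LIBRARY_PATH entry {entry!r}: {reason}")
    print(demo())
```

Run without arguments it audits the current process's own LD_LIBRARY_PATH, which is a quick way to check what a given snap's wrapper has set; the `demo()` call shows the two conditions the report hinges on (an entry that resolves to the working directory, and a directory the downloader controls) both being flagged, and the search landing on the planted file.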