The built-in terminal is not set read-only
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Software Updater | Invalid | Medium | Unassigned | |
update-manager (Ubuntu) | Triaged | Wishlist | Unassigned | |
Bug Description
Binary package hint: update-manager
The built-in terminal is not set read-only and a user can therefore send characters to the terminal. This is insecure and the user can interrupt the upgrade procedure using the keystroke CTRL+C (and/or cause other interruptions).
It wouldn't surprise me if a user could this way inject commands but I haven't yet tried that. Since the tool runs with administrator privileges and since I can imagine some administrators making it possible for their users to run this tool (for example by manipulating sudo) and/or since this could be used by a malware software to run the program (sending the password using caught passwords by listening on the X11 keyboard) and rapidly sending such a CTRL+C to get administrative privileges, I'm confident this bug should be marked as critical at least.
Changed in update-manager:
status: Confirmed → Triaged
I can try to do a proof of concept for this one. I believe the shell process that runs the apt-get software should be the ONLY ONE that runs under root privileges. The UI shouldn't as there are multiple security issues with Gtk+ programs.
Using a pipe you can very easily achieve that. You could also create a very simple helper application that sends back information like the progression information and/or the output of the terminal. This is the proof that the complete tool is being run as root:
root 7221 1.2 6.7 99940 70132 ? Ssl 10:36 0:07 /usr/bin/python /usr/bin/update-manager
Ubuntu is very lucky it doesn't have people like me trying to write malware. I could probably create a tool that would gain root privileges in 50 minutes. This is total insanity and extremely insecure.
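The pipe arrangement suggested in the comment above can be sketched as follows. This is an added example, not part of the bug report and not update-manager's code; `run_output_only` and `PROBE` are hypothetical names, and the probe command is a constructed stand-in for the package-manager worker. It shows only the I/O side: the worker gets no input channel and the front end receives its output over a one-way pipe.

```python
import os
import subprocess
import sys


def run_output_only(argv):
    """Run argv with no input channel; return (exit_status, output_lines).

    The worker's stdin is /dev/null and it runs in its own session, so
    keystrokes typed into the front end (including Ctrl+C on a terminal)
    have no path to it. Only its output travels back, over a one-way pipe.
    """
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,    # nothing the user types reaches the worker
        stdout=subprocess.PIPE,      # one-way channel: worker -> front end
        stderr=subprocess.STDOUT,    # errors are shown in the same view
        start_new_session=True,      # setsid(): no shared controlling terminal
        close_fds=True,              # do not leak the front end's descriptors
        text=True,
    )
    # A GUI would append each line to a read-only text view instead.
    lines = [line.rstrip("\n") for line in proc.stdout]
    return proc.wait(), lines


# Constructed stand-in for the worker: it reports what it could read from
# stdin and whether it is the leader of its own session.
PROBE = [
    sys.executable, "-c",
    "import os, sys; print(repr(sys.stdin.read())); "
    "print(os.getsid(0) == os.getpid())",
]

if __name__ == "__main__":
    status, out = run_output_only(PROBE)
    print(status, out)
```

In a real privilege-separated design the worker would be the only process started with root privileges, and the front end calling this function would run as the ordinary user.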