2014-07-24 15:47:24 | Olivier Tilloy | bug | | | added bug |
2014-07-24 15:48:36 | Olivier Tilloy | description | This issue applies to desktop only, where StateSaver serializes data in files under /tmp. On devices, confined applications have their own TMPDIR, which makes it a non-issue, as far as I understand it. StateSaver uses QSettings under the hood to persist data on disk, which issues a plain QFile::open(QFile::ReadWrite) call to open the file, which does not set the O_EXCL flag. This makes it vulnerable to symlink attacks. | This issue applies to desktop only, where StateSaver serializes data in files under /tmp. On devices, confined applications have their own TMPDIR, which makes it a non-issue, as far as I understand it. StateSaver uses QSettings under the hood to persist data on disk, which issues a plain QFile::open(QFile::ReadWrite) call to open the file, which does not set the O_EXCL flag. This makes it vulnerable to symlink attacks. Using QTemporaryFile would solve this issue, but it might not be easy to do with QSettings. | |
2014-07-24 16:06:34 | Olivier Tilloy | bug | | | added subscriber Ubuntu Security Team |
2014-07-24 18:39:01 | Zsombor Egri | ubuntu-ui-toolkit: assignee | | Zsombor Egri (zsombi) | |
2014-07-24 18:39:09 | Zsombor Egri | tags | | statesaver | |
2014-07-24 19:28:37 | Marc Deslauriers | cve linked | | 2014-1420 | |
2014-07-24 19:29:01 | Marc Deslauriers | bug task added | | ubuntu-ui-toolkit (Ubuntu) | |
2014-07-24 19:29:12 | Marc Deslauriers | nominated for series | | Ubuntu Utopic | |
2014-07-24 19:29:12 | Marc Deslauriers | bug task added | | ubuntu-ui-toolkit (Ubuntu Utopic) | |
2014-07-24 19:29:12 | Marc Deslauriers | nominated for series | | Ubuntu Trusty | |
2014-07-24 19:29:12 | Marc Deslauriers | bug task added | | ubuntu-ui-toolkit (Ubuntu Trusty) | |
2014-07-24 19:29:46 | Marc Deslauriers | ubuntu-ui-toolkit (Ubuntu Trusty): status | New | Confirmed | |
2014-07-24 19:29:51 | Marc Deslauriers | ubuntu-ui-toolkit (Ubuntu Utopic): status | New | Confirmed | |
2014-08-06 07:05:05 | Zsombor Egri | ubuntu-ui-toolkit: importance | Undecided | Critical | |
2014-08-06 07:05:08 | Zsombor Egri | ubuntu-ui-toolkit: status | New | Confirmed | |
2014-08-06 07:06:32 | Zsombor Egri | ubuntu-ui-toolkit (Ubuntu Trusty): status | Confirmed | Invalid | |
2014-08-06 08:22:47 | David Planella | ubuntu-ui-toolkit (Ubuntu Trusty): status | Invalid | Won't Fix | |
2014-08-06 08:24:37 | Zsombor Egri | ubuntu-ui-toolkit: status | Confirmed | In Progress | |
2014-08-06 10:48:30 | Launchpad Janitor | branch linked | | lp:~zsombi/ubuntu-ui-toolkit/statesaver-path | |
2014-08-06 11:27:56 | Marc Deslauriers | ubuntu-ui-toolkit (Ubuntu Trusty): status | Won't Fix | Confirmed | |
2014-08-07 00:40:05 | PS Jenkins bot | ubuntu-ui-toolkit: status | In Progress | Fix Committed | |
2014-09-05 14:12:41 | Marc Deslauriers | information type | Private Security | Public Security | |
2014-09-05 14:12:48 | Marc Deslauriers | ubuntu-ui-toolkit (Ubuntu Utopic): status | Confirmed | Fix Released | |
2014-09-05 14:13:25 | Marc Deslauriers | ubuntu-ui-toolkit (Ubuntu Trusty): importance | Undecided | Low | |
2014-10-01 11:25:34 | Zoltan Balogh | ubuntu-ui-toolkit: status | Fix Committed | Fix Released | |