Ubuntu
qtmir package

unity-mir authorizes any process with specific cmdline

Bug #1311011 reported by Michal Hruby
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
qtmir (Ubuntu)
New
Undecided
Unassigned

Bug Description

The ApplicationManager inside unity-mir authorizes any process that has "qt5/libexec/QtWebProcess" in its cmdline, so a malicious app could just run itself with `./malicious --ignore qt5/libexec/QtWebProcess`.

Michał Sawicz (saviq)
Changed in unity-mir:
status: New → Triaged
importance: Undecided → Medium
Daniel d'Andrada (dandrader)
no longer affects: unity-mir
Michał Sawicz (saviq)
affects: qtmir → qtmir (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.