Screenshot could allow image data to be accessible to multiple users
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
budgie-desktop (Ubuntu) | Status tracked in Noble | | |
Lunar | Incomplete | High | fossfreedom |
Mantic | Incomplete | High | fossfreedom |
Noble | Fix Released | High | fossfreedom |
Bug Description
[ Impact ]
* Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images between the server and client dbus elements of budgie-desktop could allow another user sharing the same machine to access the temporary image that was captured in another user's session.
This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users.
Upstream have resolved this in their v10.8.2 release. This issue is suitable to be backported to supported Ubuntu releases that incorporate this screenshot capability.
[ Test Plan ]
* Since this issue has now switched the stored location to user-space the test plan needs to:
a) ensure the existing screenshot capability works as expected;
b) verify that /tmp is NOT being used and that the transitory files are being written to the user-space locations i.e. $XDG_RUNTIME_DIR or $HOME are being used instead.
Use the following notify script (save as ~/notifydir.sh and chmod +x ~/notifydir.sh) to watch a folder - run it in three tilix sessions:
```bash
#!/bin/bash
# Watch the directory given as $1 and report every file created in or moved into it.
monitor_path="$1"
inotifywait -m "$monitor_path" -e create -e moved_to |
while read -r path action file; do
    echo "The file '$file' appeared in directory '$path' via '$action'"
    # Show owner and permissions of the new file
    ls -la "$path/$file"
done
```
i.e. in session 1 run ~/notifydir.sh /tmp
in session 2 run ~/notifydir.sh $XDG_RUNTIME_DIR
in session 3 run ~/notifydir.sh $HOME
1. From the menu launch budgie-screenshot and take a screenshot of the screen
2. Save the image and open the image via nemo - double clicking the image will open in a picture editor such as gthumb
3. Repeat for taking a picture of a window and an area.
4. Repeat the whole screen screenshot by pressing the keyboard printscreen key
For all of the above examine the tilix sessions. Session 1 should not show temporary screenshot files being written in /tmp (format .budgiescreensh
Session 2 for UB should show screenshot files being written (format .budgiescreensh
Session 3 for UB should not show any screenshot files being written (format .budgiescreensh
[ Where problems could occur ]
* The issue is specific to budgie-desktop users only and is limited to one specific capability of budgie i.e. its screenshot capability.
* If the user space locations - XDG_RUNTIME_DIR or HOME - do not exist then the screenshot capability will not capture the image. It is considered highly unlikely that a budgie-desktop user will be attempting to run a session without a HOME folder location, i.e. the ultimate fallback screenshot requires.
[ Other Info ]
* None.
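The location choice described under Impact, as an added shell example that is not budgie-desktop's own code: it prefers $XDG_RUNTIME_DIR when that directory is owned by the user and closed to group and other, falls back to $HOME, and creates the transient file with owner-only permissions. The function names and the `.transfer-` prefix are assumptions made for illustration; GNU stat and mktemp are assumed.

```shell
#!/bin/bash
# Added example, not budgie-desktop code. Function names are hypothetical.
# Assumes GNU coreutils (stat -c, mktemp).

# Succeeds when $1 is a directory owned by the current user.
owned_dir() {
    [ -d "$1" ] && [ "$(stat -c '%u' "$1")" = "$(id -u)" ]
}

# Succeeds when $1 grants no permission bits to group or other.
no_group_other_bits() {
    ngo_mode=$(stat -c '%a' "$1") || return 2
    # The leading 0 makes the shell read the mode as octal.
    [ $(( 0$ngo_mode & 077 )) -eq 0 ]
}

# Print the directory to use for transient files: $XDG_RUNTIME_DIR when it
# is set, owned by us and closed to other users, otherwise $HOME.
pick_transfer_dir() {
    if [ -n "${XDG_RUNTIME_DIR:-}" ] && owned_dir "$XDG_RUNTIME_DIR" \
        && no_group_other_bits "$XDG_RUNTIME_DIR"; then
        printf '%s\n' "$XDG_RUNTIME_DIR"
    elif [ -n "${HOME:-}" ] && owned_dir "$HOME"; then
        printf '%s\n' "$HOME"
    else
        return 1   # no user-owned location: fail instead of using /tmp
    fi
}

# Create a randomly named file in the chosen directory and print its path.
# mktemp creates it with mode 0600, so only the owner can read it.
# The ".transfer-" prefix is a made-up name for this example.
make_transfer_file() {
    mtf_dir=$(pick_transfer_dir) || return 1
    mktemp "$mtf_dir/.transfer-XXXXXX"
}
```

The check covers classic permission bits only; ACLs on the directory are not inspected.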
Changed in budgie-desktop (Ubuntu Lunar):
importance: Undecided → High
Changed in budgie-desktop (Ubuntu Mantic):
importance: Undecided → High
Changed in budgie-desktop (Ubuntu Lunar):
assignee: nobody → fossfreedom (fossfreedom)
Changed in budgie-desktop (Ubuntu Mantic):
assignee: nobody → fossfreedom (fossfreedom)
description: updated
information type: Private Security → Public
description: updated
summary:
- Screenshot could propagate arbitary image data between multiple users
+ Screenshot could allow image data to be accessible to multiple users
Changed in budgie-desktop (Ubuntu Lunar):
status: New → In Progress
Changed in budgie-desktop (Ubuntu Mantic):
status: New → In Progress
Changed in budgie-desktop (Ubuntu Noble):
status: In Progress → Fix Committed
description: updated
description: updated
This needs an upload for noble before it can be accepted as SRU.