Activity log for bug #2040045

Date Who What changed Old value New value Message
2023-10-21 09:34:07 fossfreedom bug added bug
2023-10-21 09:34:29 fossfreedom nominated for series Ubuntu Mantic
2023-10-21 09:34:29 fossfreedom bug task added budgie-desktop (Ubuntu Mantic)
2023-10-21 09:34:29 fossfreedom nominated for series Ubuntu Lunar
2023-10-21 09:34:29 fossfreedom bug task added budgie-desktop (Ubuntu Lunar)
2023-10-21 09:34:36 fossfreedom budgie-desktop (Ubuntu Lunar): importance Undecided High
2023-10-21 09:34:39 fossfreedom budgie-desktop (Ubuntu Mantic): importance Undecided High
2023-10-21 09:34:41 fossfreedom budgie-desktop (Ubuntu Lunar): assignee fossfreedom (fossfreedom)
2023-10-21 09:34:44 fossfreedom budgie-desktop (Ubuntu Mantic): assignee fossfreedom (fossfreedom)
2023-10-21 09:51:02 fossfreedom description
    Old value: Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images could allow another user sharing the same machine to craft an image that would potentially propagate on another user's session. This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users.
    New value: Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images between the server and client dbus elements of budgie-desktop could allow another user sharing the same machine to access the temporary image that was captured on another user's session. This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users. Upstream have resolved this in their v10.8.2 release. This issue is suitable to be backported to supported Ubuntu releases that incorporate this screenshot capability.
2023-10-21 09:51:17 fossfreedom information type Private Security Public
2023-10-21 09:59:34 fossfreedom description
    Old value: (the description set at 2023-10-21 09:51:02 above)
    New value:
    [ Impact ]
    * Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images between the server and client dbus elements of budgie-desktop could allow another user sharing the same machine to access the temporary image that was captured on another user's session. This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users. Upstream have resolved this in their v10.8.2 release. This issue is suitable to be backported to supported Ubuntu releases that incorporate this screenshot capability.
    [ Test Plan ]
    * Since this issue has now switched the stored location to user-space the test plan needs only to ensure the existing screenshot capability works as expected.
    1. From the menu launch budgie-screenshot and take a screenshot of the screen
    2. Save the image and open the image via nemo - double clicking the image will open in a picture editor such as gthumb
    3. Repeat for taking a picture of a window and an area.
    4. Repeat the whole screen screenshot by pressing the keyboard printscreen key
    [ Where problems could occur ]
    * The issue is specific to budgie-desktop users only and is limited to one specific capability of budgie i.e. its screenshot capability.
    * If the user space locations - XDG_RUNTIME_DIR or HOME - do not exist then the screenshot capability will not capture the image. It is considered that it is highly unlikely that a budgie-desktop user will be attempting to run a session without a HOME folder location i.e. the ultimate fallback the screenshot requires.
    [ Other Info ]
    * None.
2023-10-21 10:00:30 fossfreedom summary
    Old value: Screenshot could propagate arbitrary image data between multiple users
    New value: Screenshot could allow image data to be accessible to multiple users
2023-10-21 10:06:52 fossfreedom budgie-desktop (Ubuntu Lunar): status New In Progress
2023-10-21 10:06:58 fossfreedom budgie-desktop (Ubuntu Mantic): status New In Progress
2023-11-07 18:25:55 fossfreedom nominated for series Ubuntu Noble
2023-11-07 18:25:55 fossfreedom bug task added budgie-desktop (Ubuntu Noble)
2023-11-07 18:34:22 fossfreedom budgie-desktop (Ubuntu Noble): status In Progress Fix Committed
2023-11-14 15:15:17 Launchpad Janitor budgie-desktop (Ubuntu Noble): status Fix Committed Fix Released
2023-11-16 14:34:07 Andreas Hasenack budgie-desktop (Ubuntu Mantic): status In Progress Incomplete
2023-11-16 14:34:09 Andreas Hasenack budgie-desktop (Ubuntu Lunar): status In Progress Incomplete
2023-11-16 14:45:04 fossfreedom description
    Old value: (the description set at 2023-10-21 09:59:34 above)
    New value:
    [ Impact ]
    * Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images between the server and client dbus elements of budgie-desktop could allow another user sharing the same machine to access the temporary image that was captured on another user's session. This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users. Upstream have resolved this in their v10.8.2 release. This issue is suitable to be backported to supported Ubuntu releases that incorporate this screenshot capability.
    [ Test Plan ]
    * Since this issue has now switched the stored location to user-space the test plan needs only to ensure the existing screenshot capability works as expected. The important part here is to verify that /tmp is NOT being used and that the transitory files are being written to the user-space locations, i.e. $XDG_RUNTIME_DIR or $HOME are being used instead.
    Use the following notify script (save as ~/notifydir.sh and chmod +x ~/notifydir.sh) to watch a folder - run it in three tilix sessions:
        #!/bin/bash
        # Watch one directory and report every file created in or moved into it.
        monitor_path="$1"
        inotifywait -m "$monitor_path" -e create -e moved_to |
            while read -r path action file; do
                echo "The file '$file' appeared in directory '$path' via '$action'"
                ls -la "$path/$file"
            done
    i.e. in session 1 run ~/notifydir.sh /tmp
         in session 2 run ~/notifydir.sh $XDG_RUNTIME_DIR
         in session 3 run ~/notifydir.sh $HOME
    1. From the menu launch budgie-screenshot and take a screenshot of the screen
    2. Save the image and open the image via nemo - double clicking the image will open in a picture editor such as gthumb
    3. Repeat for taking a picture of a window and an area.
    4. Repeat the whole screen screenshot by pressing the keyboard printscreen key
    For all of the above examine the tilix sessions. Session 1 should not show temporary screenshot files being written in /tmp (format .budgiescreenshot_tempfile). Note you will see other temporary files for the operating system in general but that should be expected. Session 2 for UB should show screenshot files being written (format .budgiescreenshot_tempfile). Session 3 for UB should not show any screenshot files being written (format .budgiescreenshot_tempfile). This is as expected because UB should not normally use the fallback folder.
    [ Where problems could occur ]
    * The issue is specific to budgie-desktop users only and is limited to one specific capability of budgie i.e. its screenshot capability.
    * If the user space locations - XDG_RUNTIME_DIR or HOME - do not exist then the screenshot capability will not capture the image. It is considered that it is highly unlikely that a budgie-desktop user will be attempting to run a session without a HOME folder location i.e. the ultimate fallback the screenshot requires.
    [ Other Info ]
    * None.
2023-11-16 16:24:09 Andreas Hasenack description
    Old value: (the description set at 2023-11-16 14:45:04 above)
    New value:
    [ Impact ]
    * Analysis by upstream for budgie-desktop has noted that the use of /tmp to pass screenshot images between the server and client dbus elements of budgie-desktop could allow another user sharing the same machine to access the temporary image that was captured on another user's session. This has been resolved by not using an accessible folder location such as /tmp to pass data. Instead a user-space location is used which is not accessible to other users. Upstream have resolved this in their v10.8.2 release. This issue is suitable to be backported to supported Ubuntu releases that incorporate this screenshot capability.
    [ Test Plan ]
    * Since this issue has now switched the stored location to user-space the test plan needs to: a) ensure the existing screenshot capability works as expected; b) verify that /tmp is NOT being used and that the transitory files are being written to the user-space locations, i.e. $XDG_RUNTIME_DIR or $HOME are being used instead.
    Use the following notify script (save as ~/notifydir.sh and chmod +x ~/notifydir.sh) to watch a folder - run it in three tilix sessions:
        #!/bin/bash
        # Watch one directory and report every file created in or moved into it.
        monitor_path="$1"
        inotifywait -m "$monitor_path" -e create -e moved_to |
            while read -r path action file; do
                echo "The file '$file' appeared in directory '$path' via '$action'"
                ls -la "$path/$file"
            done
    i.e. in session 1 run ~/notifydir.sh /tmp
         in session 2 run ~/notifydir.sh $XDG_RUNTIME_DIR
         in session 3 run ~/notifydir.sh $HOME
    1. From the menu launch budgie-screenshot and take a screenshot of the screen
    2. Save the image and open the image via nemo - double clicking the image will open in a picture editor such as gthumb
    3. Repeat for taking a picture of a window and an area.
    4. Repeat the whole screen screenshot by pressing the keyboard printscreen key
    For all of the above examine the tilix sessions. Session 1 should not show temporary screenshot files being written in /tmp (format .budgiescreenshot_tempfile). Note you will see other temporary files for the operating system in general but that should be expected. Session 2 for UB should show screenshot files being written (format .budgiescreenshot_tempfile). Session 3 for UB should not show any screenshot files being written (format .budgiescreenshot_tempfile). This is as expected because UB should not normally use the fallback folder.
    [ Where problems could occur ]
    * The issue is specific to budgie-desktop users only and is limited to one specific capability of budgie i.e. its screenshot capability.
    * If the user space locations - XDG_RUNTIME_DIR or HOME - do not exist then the screenshot capability will not capture the image. It is considered that it is highly unlikely that a budgie-desktop user will be attempting to run a session without a HOME folder location i.e. the ultimate fallback the screenshot requires.
    [ Other Info ]
    * None.
2023-11-16 17:14:09 Andreas Hasenack bug added subscriber Ubuntu Security Team
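The test plan above checks where the transient screenshot file lands by watching directories. The property that actually matters for the fix is that the chosen directory is owned by the calling user and closed to everyone else, which is what distinguishes $XDG_RUNTIME_DIR (created by logind with mode 0700) from /tmp (mode 1777, shared by all users). The script below is an added example, not part of this bug log and not budgie-desktop's code: it encodes that check, picks the first private candidate in the order the SRU text describes (XDG_RUNTIME_DIR, then HOME, never /tmp), and creates a 0600 file there. It assumes GNU coreutils (stat -c, mktemp); the temp file name used here is illustrative.

```shell
#!/bin/sh
# Added example for bug #2040045 (not budgie-desktop code). Assumes GNU
# coreutils stat/mktemp. The preference order XDG_RUNTIME_DIR -> HOME and the
# "cannot capture without either" case follow the SRU description only.

# private_dir DIR: succeed only if DIR exists, is owned by the calling user
# and grants no permission bits at all to group or others.
# /tmp (root-owned, mode 1777) fails; a logind $XDG_RUNTIME_DIR (0700) passes.
private_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1    # e.g. 1777, 700
    [ "$owner" = "$(id -u)" ] || return 1
    perm=${mode#"${mode%???}"}               # keep the last three octal digits
    [ "${perm#?}" = "00" ]                   # group and other digits must be 0
}

# first_private_dir DIR...: print the first argument that passes private_dir.
# Fails and prints nothing when none does, i.e. the situation the test plan
# describes for a session with neither XDG_RUNTIME_DIR nor HOME.
first_private_dir() {
    for d in "$@"; do
        [ -n "$d" ] && private_dir "$d" && { printf '%s\n' "$d"; return 0; }
    done
    return 1
}

# private_tempfile DIR: create a 0600 temporary file inside DIR and print its
# path. umask 077 in a subshell protects against a permissive inherited umask,
# so the file is unreadable by other users even before any chmod.
private_tempfile() {
    (umask 077 && mktemp "$1/.screenshot_tempfile.XXXXXX")
}

# Demonstration: /tmp versus a freshly created per-user directory.
demo=$(mktemp -d)                            # mktemp -d creates mode 0700
printf '/tmp private?       %s\n' "$( [ -d /tmp ] && private_dir /tmp && echo yes || echo no )"
printf 'mktemp -d private?  %s\n' "$(private_dir "$demo" && echo yes || echo no)"
printf 'chosen directory:   %s\n' "$(first_private_dir /tmp "$demo" "$HOME")"
f=$(private_tempfile "$demo")
printf 'temp file mode:     %s\n' "$(stat -c %a "$f")"
rm -rf "$demo"
```

Run as an ordinary user, `/tmp private?` reports `no` and the mktemp directory `yes`, and the chosen directory is the first private candidate regardless of /tmp appearing earlier in the list. The same check, pointed at `$XDG_RUNTIME_DIR` and `$HOME`, tells you whether a given session can satisfy the fixed code's assumptions before you start watching directories with inotifywait.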