[Bug 1888887] Re: Reading local files as root leads to sensitive information disclosure
Marc Deslauriers
1888887 at bugs.launchpad.net
Thu Sep 24 13:21:48 UTC 2020
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1888887
Title:
Reading local files as root leads to sensitive information disclosure
Status in packagekit package in Ubuntu:
Fix Released
Bug description:
Hi,
The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the
D-Bus interface to PackageKit access given files before checking for
authorization. This allows non-privileged users to learn the MIME type
of any file on the system.
Example in attached Python script:
$ python3 test_file_exists_pk.py /root/.bashrc
File exists and is of MIME type: 'text/plain'
$ python3 test_file_exists_pk.py /root/.bashrca
File does not exist
Description: Ubuntu 20.04 LTS
Release: 20.04
packagekit:
  Installed: 1.1.13-2ubuntu1
  Candidate: 1.1.13-2ubuntu1
  Version table:
 *** 1.1.13-2ubuntu1 500
        500 http://nl.archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status
Kind regards,
Vaisha Bernard
EYE Control B.V.
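
A simplified model of the ordering problem this report describes, added here as an illustration; it is not PackageKit code and not the reporter's attached script. The caller names, the `caller_is_authorized` helper and the sample files are assumptions constructed for the example, which also shows a regression check that an unauthorized caller's reply does not depend on the file's state.

```python
import mimetypes
import os
import tempfile

class NotAuthorized(Exception):
    """Uniform refusal for callers that fail the policy check."""

def caller_is_authorized(caller):
    # Hypothetical stand-in for the service's real authorization check.
    return caller == "admin"

def inspect_file(path):
    # Stand-in for the privileged access: existence, then MIME type.
    if not os.path.exists(path):
        raise FileNotFoundError("File does not exist")
    return mimetypes.guess_type(os.path.basename(path))[0] or "application/octet-stream"

def handler_access_first(caller, path):
    # Flawed ordering: the file is touched before the caller is checked.
    mime = inspect_file(path)
    if not caller_is_authorized(caller):
        raise NotAuthorized(f"not authorized (file type {mime})")
    return mime

def handler_authorize_first(caller, path):
    # Corrected ordering: refuse before any use of the supplied path.
    if not caller_is_authorized(caller):
        raise NotAuthorized("not authorized")
    return inspect_file(path)

def outcome(handler, caller, path):
    """What the caller observes: a result, or the error type and text."""
    try:
        return ("ok", handler(caller, path))
    except Exception as exc:
        return (type(exc).__name__, str(exc))

def leaks_file_state(handler):
    """True if an unauthorized caller can tell a present file from a missing one."""
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "secret.txt")  # constructed sample file
        with open(present, "w") as f:
            f.write("constructed sample\n")
        missing = os.path.join(d, "absent.txt")
        return outcome(handler, "guest", present) != outcome(handler, "guest", missing)

if __name__ == "__main__":
    for h in (handler_access_first, handler_authorize_first):
        print(h.__name__, "leaks file state:", leaks_file_state(h))
```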