[Bug 1051921] Re: lens-bar-keynavigation periodically writes to /tmp/wut.png

Ritesh Khadgaray 1051921 at bugs.launchpad.net
Mon Aug 19 08:03:32 UTC 2013 

** Description changed:

- Style::SquareButton writes a small png to /tmp/wut.png - see
- https://code.launchpad.net/~gordallott/unity/hud/+merge/90085
+ [Impact]
  
- If I make /tmp/wut.png a symlink to some file on the system writeable by
- the owner of the unity process, then I can get them to destroy that
- file.  Boooooooo.
+  * Style::SquareButton writes a small png to /tmp/wut.png
+  * If a user creates /tmp/wut.png as a symlink to some file on the system writeable by the owner of the unity process, then he/she can destroy that file. 
+ 
+ [Test Case]
+ 
+  * log out, login with the upgraded package and check for presence of
+ "/tmp/wut.png"
+ 
+ 
+ [Regression Potential] 
+ 
+  * n/a
+ 
+ [Other Info]
+  
+  * Marc Deslauriers from the security team said it isn't a problem on Ubuntu because we have symlink restrictions (in this case part of the Yama LSM [1]).
+ 
+  * We believe, not everyone is necessarily running Yama LSM.

** Tags added: precise

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1051921

Title:
  lens-bar-keynavigation periodically writes to /tmp/wut.png

Status in Unity:
  Fix Committed
Status in Unity 5.0 series:
  In Progress
Status in “unity” package in Ubuntu:
  Fix Released
Status in “unity” source package in Precise:
  In Progress

Bug description:
  [Impact]

   * Style::SquareButton writes a small png to /tmp/wut.png
   * If a user creates /tmp/wut.png as a symlink to some file on the system writeable by the owner of the unity process, then he/she can destroy that file. 

  [Test Case]

   * log out, login with the upgraded package and check for presence of
  "/tmp/wut.png"

  
  [Regression Potential] 

   * n/a

  [Other Info]
   
   * Marc Deslauriers from the security team said it isn't a problem on Ubuntu because we have symlink restrictions (in this case part of the Yama LSM [1]).

   * We believe, not everyone is necessarily running Yama LSM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1051921/+subscriptions

More information about the Ubuntu-sponsors mailing list