← Back to team overview

dx-packages team mailing list archive

  1. dx-packages team
  2. Mailing list archive
  3. Message #11839

[Bug 1051921] Re: lens-bar-keynavigation periodically writes to /tmp/wut.png

  Thread PreviousDate PreviousThread Next 
Actually, it doesn't seem to be fixed in Precise.  This is the latest
changelog entry of the current Precise version:

unity (5.20.0-0ubuntu3) precise-proposed; urgency=low

  * Add initial support for pointer barriers with xinput2 api. (LP: #1242633)
    - Fallback to xfixes stays available.
  * Bump dependencies to compile with both pointer barriers implementations.

 -- Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxx>  Thu, 05 Sep 2013
11:58:32 +0200

It's 0ubuntu3 as the one in the proposed patch, but it's actually a
completely different entry, referencing a different bug.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1051921

Title:
  lens-bar-keynavigation periodically writes to /tmp/wut.png

Status in Unity:
  Fix Released
Status in Unity 5.0 series:
  Fix Released
Status in “unity” package in Ubuntu:
  Fix Released
Status in “unity” source package in Precise:
  Fix Released

Bug description:
  [Impact]

   * Style::SquareButton writes a small png to /tmp/wut.png
   * If a user creates /tmp/wut.png as a symlink to some file on the system writeable by the owner of the unity process, then he/she can destroy that file.

  [Test Case]

   * log out
   * log in with the upgraded package
   * open the terminal application using control-alt-T, ensure the terminal is focused
   * invoke the HUD by pressing the Alt key and typing f (the HUD menu selection 'drop
     down' must appear to trigger the png file write)
   * check for presence of "/tmp/wut.png"

  [Regression Potential]

   * n/a

  [Other Info]

   * Marc Deslauriers from the security team said it isn't a problem on
  Ubuntu because we have symlink restrictions (in this case part of the
  Yama LSM [1]).

   * We believe, not everyone is necessarily running Yama LSM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1051921/+subscriptions
  Thread PreviousDate PreviousThread Next