touch-packages team mailing list archive

[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access

 

This bug was fixed in the package content-hub -
0.0+15.10.20150603-0ubuntu1

---------------
content-hub (0.0+15.10.20150603-0ubuntu1) wily; urgency=medium

  [ Ken VanDine ]
  * SECURITY UPDATE: file disclosure via unchecked AppArmor profile (LP:
    #1456628) Don't allow exporting of files that aren't allowed by the
    source apparmor profile CVE-2015-1327 (LP: #1456628)

 -- CI Train Bot <ci-train-bot@xxxxxxxxxxxxx>  Wed, 03 Jun 2015 17:45:36 +0000

** Changed in: content-hub (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to content-hub in Ubuntu.
https://bugs.launchpad.net/bugs/1456628

Title:
  DBUS API doesn't prevent confined apps from passing paths to files
  without access

Status in the base for Ubuntu mobile products:
  Confirmed
Status in content-hub package in Ubuntu:
  Fix Released
Status in content-hub source package in Vivid:
  Fix Released

Bug description:
  The DBUS API only requires a file path for a content item; it doesn't
  actually require the confined app have access to the file to create a
  transfer.  This could allow a malicious application using the DBUS API
  to export file:///etc/passwd which would then send a copy of that file
  to another app.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions
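
An added example, not part of the original notification and not content-hub's own code: a sketch of the check the changelog entry describes, in which a transfer service refuses a file URL unless the source app's own policy allows reading the canonical path. The rule list and glob matcher are a simplified stand-in for an AppArmor profile lookup, and every name and path here is an assumption.

```python
import os
import re
from urllib.parse import unquote, urlparse

# Constructed sample: read rules standing in for the source app's profile.
SAMPLE_READ_RULES = ["/home/user/.local/share/com.example.app/**"]


def rule_to_regex(rule):
    """Simplified AppArmor-style glob: '**' may cross '/', '*' may not."""
    parts, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            parts.append(".*")
            i += 2
        elif rule[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(rule[i]))
            i += 1
    return re.compile("".join(parts))


def source_may_read(read_rules, path):
    """True if any read rule of the source app matches the whole path."""
    return any(rule_to_regex(r).fullmatch(path) for r in read_rules)


def validate_export(read_rules, url):
    """Return the canonical path to export, or raise PermissionError."""
    parsed = urlparse(url)
    if parsed.scheme != "file" or parsed.netloc not in ("", "localhost"):
        raise PermissionError("only local file:// URLs can be exported")
    # Canonicalise before matching so '..' and symlinks cannot sidestep the rules.
    path = os.path.realpath(unquote(parsed.path))
    if not source_may_read(read_rules, path):
        raise PermissionError("source profile does not allow reading " + path)
    return path


if __name__ == "__main__":
    for url in ("file:///home/user/.local/share/com.example.app/photo.jpg",
                "file:///etc/passwd"):
        try:
            print("export", validate_export(SAMPLE_READ_RULES, url))
        except PermissionError as err:
            print("refused:", err)
```

A path check like this still leaves a gap between the check and the later open, so a service would open the file once after the check and hand on the descriptor rather than the path.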