This bug was fixed in the package budgie-desktop - 10.8-2ubuntu4
---------------
budgie-desktop (10.8-2ubuntu4) noble; urgency=medium
* Bug-fix
- Use user-space location to pass screenshot data in a user session
(LP: #2040045)
-- David Mohammed <fossfree...@ubuntu.com> Tue, 07 Nov 2023 18:27:06
+0000
** Changed in: budgie-desktop (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of ubuntu
budgie bug busters, which is subscribed to budgie-desktop in Ubuntu.
https://bugs.launchpad.net/bugs/2040045
Title:
Screenshot could allow image data to be accessible to multiple users
Status in budgie-desktop package in Ubuntu:
Fix Released
Status in budgie-desktop source package in Lunar:
In Progress
Status in budgie-desktop source package in Mantic:
In Progress
Status in budgie-desktop source package in Noble:
Fix Released
Bug description:
[ Impact ]
* Analysis by upstream for budgie-desktop has noted that the use of
/tmp to pass screenshot images between the server and client dbus
elements of budgie-desktop could allow another user sharing the same
machine to access the temporary image that was captured on another
users session.
This has been resolved by not using an accessible folder location such
as /tmp to pass data. Instead a user-space location is used which is
not accessible to other users.
Upstream have resolved this in their v10.8.2 release. This issue is
suitable to be backported to supported Ubuntu releases that
incorporate this screenshot capability
[ Test Plan ]
* Since this issue has now switched the stored location to user-space the
test plan needs only to ensure the existing screenshot capability works as
expected
1. From the menu launch budgie-screenshot and take a screenshot of the screen
2. Save the image and open the image via nemo - double clicking the image
will open in a picture editor such as gthumb
3. Repeat for taking a picture of a window and and area.
4. Repeat the whole screen screenshot by pressing the keyboard printscreen
key
[ Where problems could occur ]
* The issue is specific to budgie-desktop users only and is limited to one
specific capability of budgie i.e. its screenshot capability.
* If the user space locations - XDG_RUNTIME_DIR or HOME do not exist then
the screenshot capability will not capture the image. It is considered that it
is highly unlikely that a budgie-desktop user will be attempting to run a
session without a HOME folder location i.e. the ultimately fallback screenshot
requires.
[ Other Info ]
* None.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/budgie-desktop/+bug/2040045/+subscriptions
--
Mailing list: https://launchpad.net/~budgie-remix-bug-busters
Post to : budgie-remix-bug-busters@lists.launchpad.net
Unsubscribe : https://launchpad.net/~budgie-remix-bug-busters
More help : https://help.launchpad.net/ListHelp
