This bug was fixed in the package wireplumber - 0.4.17-1ubuntu1

---------------
wireplumber (0.4.17-1ubuntu1) noble; urgency=medium

  * Add patch to add support for snap permissions (LP: #1995707)

 -- Sergio Costas <sergio.cos...@canonical.com>  Wed, 24 Jan 2024 12:54:23 -0500

** Changed in: wireplumber (Ubuntu)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1995707

Title:
  pipewire-pulse grants microphone access to snaps without audio-record
  plugged

Status in pipewire package in Ubuntu:
  Fix Released
Status in wireplumber package in Ubuntu:
  Fix Released

Bug description:
  In Kinetic, pipewire-pulse is used in place of pulseaudio. We had
  patches in pulseaudio to detect when the client was a snap, and
  disable access to microphones if the snap didn't have audio-record
  plugged as described here:

  https://snapcraft.io/docs/audio-record-interface

  There doesn't seem to be any equivalent code in pipewire-pulse.

  Steps to reproduce:

  1. Build the record-exploit snap I put together for this previous bug:
     https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102/comments/1
  2. Install snap with "snap install --dangerous record-exploit_0.1_amd64.snap".
  3. Run "mkdir -p $XDG_RUNTIME_DIR/snap.record-exploit" (I forgot to
     include this in the PoC snap).
  4. Run "record-exploit.parecord /tmp/foo.wav"

  Expected behaviour: the parecord call results in an error.

  Observed behaviour: the parecord call records sound from the mic (into
  /tmp/snap.record-exploit/tmp/foo.wav).
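
The check the bug description reports as missing, sketched as an added example (not code from pulseaudio, pipewire or wireplumber): map a client's AppArmor label to a snap and allow recording only when that snap's audio-record plug is connected. It assumes strictly confined snaps with labels of the form snap.<snap-name>.<app-name>; the connections table is constructed in the layout of `snap connections` output, and voice-memo and muted-app are hypothetical snap names.

```python
import re

# Assumption: strictly confined snap apps run under AppArmor labels of the
# form snap.<snap-name>.<app-name>; anything else is treated as a non-snap client.
SNAP_LABEL = re.compile(r"^snap\.([a-z0-9][a-z0-9-]*)\.[A-Za-z0-9_.+-]+$")
MODE_SUFFIX = re.compile(r"\s+\((enforce|complain)\)$")

# Constructed sample laid out like `snap connections` output (not real data).
SAMPLE_CONNECTIONS = """
Interface       Plug                           Slot             Notes
audio-playback  record-exploit:audio-playback  :audio-playback  -
audio-record    voice-memo:audio-record        :audio-record    manual
audio-record    muted-app:audio-record         -                -
"""

def snap_from_label(label):
    """Return the snap name encoded in a snap AppArmor label, else None."""
    match = SNAP_LABEL.match(MODE_SUFFIX.sub("", label.strip()))
    return match.group(1) if match else None

def connected_interfaces(table):
    """Map each snap to the set of interfaces whose plug has a slot attached."""
    connected = {}
    for line in table.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 3 or fields[1] == "-":
            continue  # malformed row, or a slot-only row with no plug side
        interface, plug, slot = fields[:3]
        snap = plug.split(":", 1)[0]
        connected.setdefault(snap, set())
        if slot != "-":  # "-" in the Slot column means the plug is unconnected
            connected[snap].add(interface)
    return connected

def may_record(label, connected):
    """Deny capture to a snap client unless audio-record is connected."""
    snap = snap_from_label(label)
    if snap is None:
        return True  # not a snap: this snap-specific policy does not apply
    # Unknown snaps fall through to an empty set, so the default is deny.
    return "audio-record" in connected.get(snap, set())

if __name__ == "__main__":
    table = connected_interfaces(SAMPLE_CONNECTIONS)
    for label in ("snap.record-exploit.parecord (enforce)",
                  "snap.voice-memo.voice-memo", "unconfined"):
        print(label, "->", "allow" if may_record(label, table) else "deny")
```

A snap that has only audio-playback connected, or that is absent from the table, is denied capture; a non-snap client is left to whatever other policy applies.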