** Changed in: unity
Milestone: 7.1.2 => 7.1.1
** Changed in: unity
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1051921
Title:
lens-bar-keynavigation periodically writes to /tmp/wut.png
Status in Unity:
Fix Released
Status in Unity 5.0 series:
Fix Committed
Status in “unity” package in Ubuntu:
Fix Released
Status in “unity” source package in Precise:
Fix Committed
Bug description:
[Impact]
* Style::SquareButton writes a small png to /tmp/wut.png
* If a user creates /tmp/wut.png as a symlink to some file on the system
writeable by the owner of the unity process, then he/she can destroy that file.
[Test Case]
* log out
* log in with the upgraded package
* open the terminal application using control-alt-T, ensure the terminal is
focused
* invoke the HUD by pressing the Alt key and typing f (the HUD menu
selection 'drop
down' must appear to trigger the png file write)
* check for presence of "/tmp/wut.png"
[Regression Potential]
* n/a
[Other Info]
* Marc Deslauriers from the security team said it isn't a problem on
Ubuntu because we have symlink restrictions (in this case part of the
Yama LSM [1]).
* We believe, not everyone is necessarily running Yama LSM.
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1051921/+subscriptions
--
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help : https://help.launchpad.net/ListHelp
![[Dx-packages] [Bug 1051921] Re: lens-bar-keynavigation periodically writes to /tmp/wut.png](/search?l=dx-packages@lists.launchpad.net&q=subject:%22%5C%5BDx%5C-packages%5C%5D+%5C%5BBug+1051921%5C%5D+Re%5C%3A+lens%5C-bar%5C-keynavigation+periodically%09writes+to%09%5C%2Ftmp%5C%2Fwut.png%22&o=newest){kind=link}
