Reproducible, plausibly dangerous, and not mentioned in the "install"
section of the man page.

Sure, if one knows that Canonical-published snaps can trigger
installation of 3rd-party-published snaps despite specifically disabling
the system-wide "APT::Install-Recommends" setting, one can act
accordingly.

But how would users even learn that snap, when solely instructed to
install a non-privileged browser, also decides to enable a privileged
network daemon? One that certainly has a high risk of exposing
additional RCE bugs, the threat level of which in the snap scenario is
however not obvious from documentation like
https://ubuntu.com/security/cves?q=&package=cups

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2017447

Title:
  chromium installs cupsd snap

Status in chromium-browser package in Ubuntu:
  Opinion

Bug description:
  At some point, chromium has installed cupsd: cupsd isn't listed as
  installed in aptitude but it *is* listed under snap list.

  If I wanted cups installed and printer support I would have installed
  it myself; this shouldn't be installing itself through the backdoor via
  autoupdate.

  There also doesn't seem to be anywhere in settings to turn it off.

  Version 112.0.5615.49 (Official Build) snap (64-bit)
  (updated via snap refresh)
  ubuntu: 20.04 LTS

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Uname: Linux 6.0.7-gnulibre-squashfix x86_64
  ApportVersion: 2.20.11-0ubuntu27.26
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Apr 23 13:58:18 2023
  InstallationDate: Installed on 2017-04-18 (2196 days ago)
  InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  Snap: chromium 112.0.5615.49 (latest/stable)
  SnapSource: ubuntu/+source/chromium-browser
  UpgradeStatus: Upgraded to focal on 2020-04-25 (1093 days ago)
  mtime.conffile..etc.apport.crashdb.conf: 2020-06-07T21:16:26.397404

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2017447/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
