*** This bug is a security vulnerability ***

Public security bug reported:

Problem was originally reported in the snapcraft forum regarding snap-confine
failing to launch snaps on Kubuntu:
https://forum.snapcraft.io/t/on-ubuntu-18-04-3-with-5-4-5-5-kernels-snaps-are-not-launching/14662/13

The following AppArmor denial triggered by snap-confine was observed in
the logs:

Dec 17 22:45:10 raffles audit[27067]: AVC apparmor="DENIED" operation="file_mmap" profile="/snap/core/8323/usr/lib/snapd/snap-confine" name="/usr/lib/x86_64-linux-gnu/libgtk3-nocsd.so.0" pid=27067 comm="snap-confine" requested_mask="m" denied_mask="m" fsuid=0 ouid=0

Upon further investigation, the behavior was identified as correct as
far as snap-confine's AppArmor profile is concerned. The problem appears
to be caused by the libgtk3-nocsd0 package, which ships a setuid
library:

guest@ubuntu:/var/lib/dpkg/info$ ls -la /usr/lib/x86_64-linux-gnu/libgtk3-nocsd.so.0
-rwSr--r-- 1 root root 26616 Mar  3  2018 /usr/lib/x86_64-linux-gnu/libgtk3-nocsd.so.0

and sets it up to be preloaded on non-GNOME desktops via Xsession.d
hooks. Since snap-confine is a setuid binary, and the library in
question is setuid as well, ld.so will attempt to load it.

The package also ships with a couple of lintian overrides:
libgtk3-nocsd0: setuid-binary usr/lib/*/libgtk3-nocsd.so.0 4644 root/root
libgtk3-nocsd0: non-standard-setuid-executable-perm usr/lib/*/libgtk3-nocsd.so.0 4644
libgtk3-nocsd0: shlib-with-bad-permissions usr/lib/*/libgtk3-nocsd.so.0 4644


Library version:

ii  gtk3-nocsd           3-1ubuntu1  all    Disable Gtk+ 3 client side decorations (CSD)
ii  libgtk3-nocsd0:amd64 3-1ubuntu1  amd64  Library to disable Gtk+ 3 client side decorations (CSD)

** Affects: gtk3-nocsd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: snapd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: snapd (Ubuntu)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1857022

Title:
  gtk3-nocsd preloads a setuid library
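
The loader rule behind this report, as an added example (not code from the bug report, snapd or gtk3-nocsd): per ld.so(8), in secure-execution mode LD_PRELOAD entries containing a slash are ignored, and a bare name is preloaded only from the standard search directories and only if the file has the set-user-ID bit. The directory list and the function names below are assumptions made for illustration.

```python
import os
import stat

# Assumed trusted directories; the real list is fixed when glibc is built.
TRUSTED_DIRS = ("/lib/x86_64-linux-gnu", "/usr/lib/x86_64-linux-gnu",
                "/lib", "/usr/lib")


def split_preload(value):
    """LD_PRELOAD entries are separated by spaces or colons."""
    return [e for e in value.replace(":", " ").split() if e]


def fs_mode(path):
    """Return st_mode of a regular file, or None if missing or not regular."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return st.st_mode if stat.S_ISREG(st.st_mode) else None


def secure_mode_preloads(ld_preload, trusted_dirs=TRUSTED_DIRS, mode_of=fs_mode):
    """Paths the loader would still preload into a setuid program.

    Entries with '/' are dropped; a bare name survives only if the first
    existing match in a trusted directory carries the set-user-ID bit.
    mode_of can be replaced with a lookup table for offline checks.
    """
    honored = []
    for entry in split_preload(ld_preload):
        if "/" in entry:
            continue  # pathnames are ignored in secure-execution mode
        for directory in trusted_dirs:
            path = os.path.join(directory, entry)
            mode = mode_of(path)
            if mode is None:
                continue  # not present here, try the next directory
            if mode & stat.S_ISUID:
                honored.append(path)
            break  # first existing match decides
    return honored


if __name__ == "__main__":
    # Audit the current session: anything printed here would be mapped
    # into setuid programs such as snap-confine.
    for path in secure_mode_preloads(os.environ.get("LD_PRELOAD", "")):
        print("preloaded into setuid programs:", path)
```

Run inside the affected desktop session, it lists every preload entry that reaches setuid binaries; an empty result means the loader drops all of them.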
