[Bug 1829071] Re: Privilege escalation via LXD (local root exploit)
Thanks everyone! I appreciate you time and attention on this. Thanks again for your hard work on the LXD project in general, it's a great tool. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1829071 Title: Privilege escalation via LXD (local root exploit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813365] Re: Local privilege escalation via snapd socket
^ Sorry, just to add clarity: I am not demonstrating the exploit working from within a devmode snap. I am demonstrating a devmode snap packaged inside the exploit. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813365 Title: Local privilege escalation via snapd socket To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1813365/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813365] Re: Local privilege escalation via snapd socket
Hi Gustavo, Yes, but remember that this is a low-privilege user exploiting the bug in order to install a snap in devmode to get root. This does indeed require an exploit, so that the install hook can execute the commands as root and add a new user. It's simply an alternative exploit to using the create-user API. You can see the code at github.com/initstring/dirty_sock/ in the version 2. Some of the tech journalists covering this incorrectly claimed that my exploit would be bundled inside malicious snaps. This is where there is a bit of confusion, as you're 100% right - that snap would not have access to the socket, so that is not realistic. I've tried to correct folks where I can, but I think my blog posting is still correctly describing things. If you see something specific in the blog posting that should be corrected, please let me know. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813365 Title: Local privilege escalation via snapd socket To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1813365/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813365] Re: Local privilege escalation via snapd socket
Thanks again to everyone for your hard work, timely updates, and overall providing such a great disclosure experience. See you next time! - Chris -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813365 Title: Local privilege escalation via snapd socket To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1813365/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs