** Description changed: - Style::SquareButton writes a small png to /tmp/wut.png - see - https://code.launchpad.net/~gordallott/unity/hud/+merge/90085 + [Impact] - If I make /tmp/wut.png a symlink to some file on the system writeable by - the owner of the unity process, then I can get them to destroy that - file. Boooooooo. + * Style::SquareButton writes a small png to /tmp/wut.png + * If a user creates /tmp/wut.png as a symlink to some file on the system writeable by the owner of the unity process, then he/she can destroy that file. + + [Test Case] + + * log out, login with the upgraded package and check for presence of + "/tmp/wut.png" + + + [Regression Potential] + + * n/a + + [Other Info] + + * Marc Deslauriers from the security team said it isn't a problem on Ubuntu because we have symlink restrictions (in this case part of the Yama LSM [1]). + + * We believe, not everyone is necessarily running Yama LSM.
** Tags added: precise -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1051921 Title: lens-bar-keynavigation periodically writes to /tmp/wut.png To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1051921/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
![[Bug 1051921] Re: lens-bar-keynavigation periodically writes to /tmp/wut.png](/search?l=ubuntu-bugs@lists.ubuntu.com&q=subject:%22%5C%5BBug+1051921%5C%5D+Re%5C%3A+lens%5C-bar%5C-keynavigation+periodically+writes+to+%5C%2Ftmp%5C%2Fwut.png%22&o=newest){kind=link}
