Thanks for the feedback-- though I think we may need more information. Here is
the current policy:

  dbus (receive)
      bus=session
      path="/com/canonical/hud/publisher*"
      interface="org.gtk.Menus"
      member="Start",
  dbus (receive)
      bus=session
      path="/com/canonical/hud/publisher*"
      interface="org.gtk.Menus"
      member="End",
  dbus (send)
      bus=session
      path="/com/canonical/hud/publisher*"
      interface="org.gtk.Menus"
      member="Changed"
      peer=(name=org.freedesktop.DBus),
  dbus (receive)
      bus=session
      path="/com/canonical/unity/actions"
      interface=org.gtk.Actions
      member={DescribeAll,Activate},
  dbus (send)
      bus=session
      path="/com/canonical/unity/actions"
      interface=org.gtk.Actions
      member=Changed
      peer=(name=org.freedesktop.DBus),
  dbus (receive)
      bus=session
      path="/context_*"
      interface=org.gtk.Actions
      member="DescribeAll",

Related policy is:

  dbus (send)
      bus=session
      path="/com/canonical/hud"
      interface="org.freedesktop.DBus.Properties"
      member="GetAll",
  dbus (send)
      bus=session
      path="/com/canonical/hud"
      interface="com.canonical.hud"
      member="RegisterApplication",
  dbus (receive, send)
      bus=session
  dbus (receive)
      bus=session
      path="/com/canonical/hud"
      interface="com.canonical.hud"
      member="UpdatedQuery",
  dbus (receive)
      bus=session
      interface="com.canonical.hud.Awareness"
      member="CheckAwareness",

My understanding was that apps were *not* supposed to be allowed to use snap
decisions, which is why Mirco had me add this policy:

  audit deny dbus bus=session
      interface="com.canonical.snapdecisions",

Can this policy be circumvented? If yes, can someone demonstrate how? If not,
are you saying that the push notifications dialogs can be used to fake the
pinlock dialog? If so, moving the pin lock snap decision to another service
will not solve this and the only way to solve that would be to make sure that
the pinlock snap decision looks sufficiently visually different and that
applications can't influence a push notification to look like it.
--
https://bugs.launchpad.net/bugs/1306769
Title:
pinlock snap decision potentially allows malicious app to gain access
to user PIN and Passcode