*** This bug is a security vulnerability ***
Public security bug reported:
When SNAP_USER_DATA changed to be $HOME/snap from $HOME/snaps, the
corresponding change was not made to the home interface security policy,
resulting in snaps using the home interface having full access to
SNAP_USER_DATA of other snaps.
** Affects: snappy
Importance: High
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Affects: snapd (Ubuntu)
Importance: High
Status: Triaged
** Affects: snapd (Ubuntu Xenial)
Importance: High
Status: Triaged
** Affects: snapd (Ubuntu Yakkety)
Importance: High
Status: Triaged
** Tags: apparmor
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
** Also affects: snapd (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: snapd (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: snapd (Ubuntu Xenial)
Status: New => Triaged
** Changed in: snapd (Ubuntu Yakkety)
Status: New => Triaged
** Changed in: snapd (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: snapd (Ubuntu Yakkety)
Importance: Undecided => High
** Tags added: apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575914
Title:
snaps using home interface have full access to SNAP_USER_DATA of other
snaps
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1575914/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
