Hi Gustavo, Yes, but remember that this is a low-privilege user exploiting the bug in order to install a snap in devmode to get root.
This does indeed require an exploit, so that the install hook can execute the commands as root and add a new user. It's simply an alternative exploit to using the create-user API. You can see the code at github.com/initstring/dirty_sock/ in the version 2. Some of the tech journalists covering this incorrectly claimed that my exploit would be bundled inside malicious snaps. This is where there is a bit of confusion, as you're 100% right - that snap would not have access to the socket, so that is not realistic. I've tried to correct folks where I can, but I think my blog posting is still correctly describing things. If you see something specific in the blog posting that should be corrected, please let me know. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813365 Title: Local privilege escalation via snapd socket To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1813365/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs