fix: Do not run sensible-pager as root if using sudo/pkexec
The apport-cli supports viewing a crash. These features invoke the default pager, which is likely to be less; other functions may apply.

It can be used to break out from restricted environments by spawning an interactive system shell. If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.

apport-cli should normally not be called with sudo or pkexec. In case it is called via sudo or pkexec, execute `sensible-pager` as the original user to avoid privilege elevation.

Proof of concept:

```
$ sudo apport-cli -c /var/crash/xxx.crash
[...]
Please choose (S/E/V/K/I/C): v
!id
uid=0(root) gid=0(root) groups=0(root)
!done (press RETURN)
```

This fixes CVE-2023-1326.

Bug: https://launchpad.net/bugs/2016023
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Showing 3 changed files with 14 additions and 8 deletions.
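One way to run a pager as the invoking user when a tool was started through sudo or pkexec, as the commit message describes. This is an added example, not code from this commit or from apport; the function names `real_user_ids`, `pager_kwargs` and `view_with_pager` are hypothetical, and it assumes Python 3.9+ on Linux with `SUDO_UID`/`SUDO_GID` set by sudo and `PKEXEC_UID` set by pkexec.

```python
import os
import pwd
import subprocess


def real_user_ids(environ, euid, gid_lookup=lambda uid: pwd.getpwuid(uid).pw_gid):
    """Return (uid, gid) of the invoking user, or None when there is nothing to drop.

    sudo exports SUDO_UID and SUDO_GID; pkexec exports only PKEXEC_UID, so the
    primary group is looked up. Malformed values raise ValueError (fail closed).
    """
    if euid != 0:
        return None  # not elevated
    if "SUDO_UID" in environ:
        uid = int(environ["SUDO_UID"])
        gid = int(environ["SUDO_GID"]) if "SUDO_GID" in environ else gid_lookup(uid)
    elif "PKEXEC_UID" in environ:
        uid = int(environ["PKEXEC_UID"])
        gid = gid_lookup(uid)
    else:
        return None  # genuine root session: no original user to return to
    if uid < 0 or gid < 0:
        raise ValueError("negative uid/gid in environment")
    return None if uid == 0 else (uid, gid)


def pager_kwargs(environ, euid, gid_lookup=lambda uid: pwd.getpwuid(uid).pw_gid):
    """Build subprocess keyword arguments that drop to the invoking user."""
    ids = real_user_ids(environ, euid, gid_lookup)
    if ids is None:
        return {}
    uid, gid = ids
    # The child replaces its supplementary groups, then sets gid, then uid,
    # before exec. extra_groups matters: without it root's groups are kept.
    return {"user": uid, "group": gid, "extra_groups": [gid]}


def view_with_pager(path, pager="sensible-pager"):
    """Show `path` in the pager as the invoking user, not as root."""
    kwargs = pager_kwargs(os.environ, os.geteuid())
    # Open the report while still privileged and hand it over on stdin, so the
    # unprivileged pager needs no read access to the crash file itself.
    with open(path, "rb") as report:
        return subprocess.run([pager], stdin=report, check=False, **kwargs).returncode
```

With this in place, a shell escape typed into the pager (`!id`) reports the invoking user's uid rather than `uid=0(root)`.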