Gergo Koteles discovered a sandbox escape when using Flatpak in conjunction with xdg-desktop-portal.
Impact
A malicious or compromised Flatpak app could execute arbitrary code outside its sandbox.
Description
Normally, the --command argument of flatpak run expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. For example:
flatpak run --command=ls org.gnome.gedit
The original implementation of this was subject to CWE-88 (argument injection): in Flatpak versions that have this vulnerability, the value given to --command= is appended directly after Flatpak's own bwrap options, so a long option name such as --bind is misinterpreted as a bwrap option and swallows the following arguments as its operands. For example, one may do
flatpak run --command=--bind org.gnome.gedit / /host ls -l /host
which will run:
bwrap ...lots of stuff... --bind / /host ls -l /host
bind-mounting the host's root filesystem at /host inside the sandbox before running ls -l /host there.
It is possible to pass an arbitrary commandline to the portal interface org.freedesktop.portal.Background.RequestBackground from within a Flatpak app. Normally this is safe, because it can only specify a command that exists inside the sandbox; but when a crafted commandline is converted into a --command and arguments, the app achieves the same effect as passing arguments directly to bwrap, and therefore a sandbox escape.
The solution is for Flatpak to use the -- argument to bwrap, which makes it stop processing options, before appending the attacker-specified command. The -- argument has been supported since bubblewrap 0.3.0, and all supported versions of Flatpak already require at least that version of bubblewrap.
A mitigation is that xdg-desktop-portal versions 1.18.4 and 1.16.1 no longer allow Flatpak apps to create new .desktop files for commands that start with -.
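The argument injection above and the two ways of closing it (a bare -- before the app command, or env interposed as a fixed first word where bubblewrap is too old to support --), together with the portal-side check, reduced to a toy model. This is an added example and is not Flatpak, bubblewrap or xdg-desktop-portal code: the bwrap parser below is a constructed stand-in that recognises only --unshare-all, --ro-bind, --bind and --, and BASE_SANDBOX_ARGS stands in for the real options Flatpak emits before the command.

```python
"""Toy model of the CWE-88 argument injection in `flatpak run --command=`
and of the `--` fix. Added example, not Flatpak or bubblewrap code."""

# Options the toy bwrap parser recognises, mapped to how many operands each
# consumes. These three exist in real bubblewrap; anything else is rejected.
BWRAP_OPTIONS = {"--unshare-all": 0, "--ro-bind": 2, "--bind": 2}

# Constructed stand-in for the sandbox options Flatpak emits before the command.
BASE_SANDBOX_ARGS = ["--unshare-all", "--ro-bind", "/usr", "/usr"]


def parse_bwrap_argv(argv):
    """Interpret argv the way bwrap does: consume options (with operands) until
    a bare '--' or the first non-option word; the rest is the command to exec.
    Returns (mounts, command)."""
    mounts = []
    i = 0
    while i < len(argv):
        word = argv[i]
        if word == "--":            # end of options; everything after is the command
            i += 1
            break
        if not word.startswith("-"):
            break                   # first non-option word starts the command
        if word not in BWRAP_OPTIONS:
            raise ValueError(f"unknown bwrap option: {word}")
        n = BWRAP_OPTIONS[word]
        operands = argv[i + 1 : i + 1 + n]
        if len(operands) != n:
            raise ValueError(f"{word} expects {n} operand(s)")
        if n:
            mounts.append((word, *operands))
        i += 1 + n
    return mounts, argv[i:]


def vulnerable_argv(command, args):
    """Pre-fix behaviour: the app-controlled command follows bwrap's options directly."""
    return ["bwrap", *BASE_SANDBOX_ARGS, command, *args]


def fixed_argv(command, args):
    """Post-fix behaviour: a bare '--' stops bwrap's option processing first."""
    return ["bwrap", *BASE_SANDBOX_ARGS, "--", command, *args]


def env_workaround_argv(command, args):
    """Fallback for bubblewrap older than 0.3.0 (no '--'): interpose the fixed
    command 'env' so the attacker's word never reaches bwrap's option parser."""
    return ["bwrap", *BASE_SANDBOX_ARGS, "env", command, *args]


def host_root_exposed(mounts):
    """True if the host's root filesystem ends up mounted anywhere in the sandbox."""
    return any(src == "/" for _opt, src, _dest in mounts)


def portal_accepts_command(command):
    """xdg-desktop-portal 1.18.4 / 1.16.1 mitigation: refuse commands starting with '-'."""
    return not command.startswith("-")


if __name__ == "__main__":
    # The payload from the advisory: --command=--bind, then its operands and the real command.
    payload = ("--bind", ["/", "/host", "ls", "-l", "/host"])
    for label, build in [("vulnerable", vulnerable_argv),
                         ("fixed", fixed_argv),
                         ("env", env_workaround_argv)]:
        mounts, command = parse_bwrap_argv(build(*payload)[1:])
        print(f"{label:10} mounts={mounts} exec={command} "
              f"escape={host_root_exposed(mounts)}")
```

In the vulnerable layout the parser records a --bind / /host mount and then execs ls -l /host, which is the escape. With -- (or env) in place the same words are left untouched as the command, so bwrap would try to exec a program literally named --bind (or env would reject it as an option) and the attacker gains nothing; a benign --command=ls is unaffected either way.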
Patches
For the supported stable branches, this is fixed in 1.10.x ≥ 1.10.9, 1.12.x ≥ 1.12.9, 1.14.x ≥ 1.14.6.
For the development branch, this is fixed in version 1.15.8. As a reminder, all branches of the form 1.odd.x are development versions which do not have ongoing support.
If long-term support distributions want to backport the fix to older versions, the changes that were made in 1.10.x are likely to be the closest match. In very old versions, it might be necessary to either upgrade bubblewrap, or use env instead of --: interposing env as a fixed, non-option first word also stops bwrap's option processing, so the attacker-controlled command is never parsed as a bwrap option.
Workarounds
xdg-desktop-portal versions 1.18.4 and 1.16.1 mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with -.