
Bug#889066: lintian should warn if the maintainer scripts include "chown -R" or "chmod -R"



On Mon 2018-02-05 17:55:27 +0100, Raphael Hertzog wrote:
> I'm not quite sure what colord is vulnerable to. #889060 assumes the
> attacker can create arbitrary hardlinks as the "colord" user in
> /var/lib/colord. I don't know colord enough to know if that's the case
> and why that would be the case.
>
> In general, when you have a dedicated user it's because you want to run a
> daemon under that user to restrict its accesses. The interfaces of most
> daemons do not allow end users to create hardlinks/symlinks in the data
> directories of the daemon... hence this chown -R vulnerability is only
> exploitable after having found another vulnerability in the daemon to
> create the hardlinks and/or symlinks.
>
> That makes it much less important as a vulnerability.

The goal here is defense in depth.  If a compromise of colord results in
scrambled color profiles, meh, i can accept it as the risk of running
colord.  If a compromise of colord results in the adversary getting root
on my machine, i'll be pretty unhappy.

   --dkg
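
The check requested in the bug title, sketched as an added example; it is not part of this message and not lintian's own code. The names `recursive_calls`, `is_recursive` and `logical_lines` are hypothetical, the sample postinst is constructed, and the tokenizing is a heuristic rather than a full shell parser.

```python
import re
import shlex

TOOLS = {"chown", "chmod"}            # the commands named in the bug title
STOP = {"|", "||", "&&", ";", "&"}    # shell operators that end a simple command

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    start, buf = None, ""
    for number, line in enumerate(text.splitlines(), 1):
        start = start or number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        start, buf = None, ""

def is_recursive(args):
    """True if -R (alone or bundled, e.g. -cR) or --recursive is among the arguments."""
    for arg in args:
        if arg in STOP or arg == "--":
            return False
        if arg == "--recursive" or (re.fullmatch(r"-[A-Za-z]+", arg) and "R" in arg):
            return True
    return False

def recursive_calls(script_text):
    """Return [(line_number, tool)] for each recursive chown/chmod invocation."""
    findings = []
    for number, line in logical_lines(script_text):
        try:
            tokens = shlex.split(line, comments=True)   # drops "# ..." comments
        except ValueError:
            continue   # unbalanced quotes (here-doc text etc.): skipped by this heuristic
        for i, token in enumerate(tokens):
            tool = token.rsplit("/", 1)[-1]             # accept /bin/chown as well
            if tool in TOOLS and is_recursive(tokens[i + 1:]):
                findings.append((number, tool))
    return findings

# Constructed sample postinst, not taken from the colord package.
SAMPLE_POSTINST = r'''#!/bin/sh
set -e
# chown -R in a comment is ignored
if [ "$1" = configure ]; then
    chown -R colord:colord /var/lib/colord
    chmod 0755 /var/lib/colord
    chmod -cR go-w \
        /var/lib/colord
    chown --recursive colord /var/lib/colord || true
    chown colord:colord /var/lib/colord
fi
'''

if __name__ == "__main__":
    for number, tool in recursive_calls(SAMPLE_POSTINST):
        print(f"line {number}: recursive {tool} in maintainer script")
```
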
