Thunderbird with AppArmor should not be able to render X unusable

To: debian-x@lists.debian.org
Subject: Thunderbird with AppArmor should not be able to render X unusable
From: Erich Schubert <erich@debian.org>
Date: Sun, 8 Jul 2018 00:15:35 +0200
Message-id: <[🔎] 48429d38-94d3-4b6a-5863-c14cfb349247@debian.org>

Hi,

Please see bug #900840: https://bugs.debian.org/900840

---

thunderbird cannot be started anymore and breaks X. X does not update
the screen anymore, the cursor can still be moved and shows on the
screen while nothing can be clicked on or interacted with. Application
which e.g. play sound seem to still continue running, but cannot be
controlled fia the GUI anymore. The X-server needs to be completely
restarted to fix the issue.

---

it should be added that killing the thunderbird process does not repairthe X server...

This was caused by apparmor denying access to the graphics card, theoriginal policy bug has since been fixed.

However, this indicates that it is possible for a client application torender the X server unusable, i.e., a local user DoS attack against theX server? Worst case, you could render a screen, damage the xserverusing above issue, then trigger a policy prompt such as polkit and trickthe user to click an unwanted option. It's probably minor - as itsupposedly requires authenticated access to DRI - but who knows?


Regards,
Erich

Reply to:

Prev by Date: Bug#902965: xserver-xorg-core: lxdm fails to start xserver with 2:1.20.0-3
Next by Date: Bug#901701: bumblebee: using optirun introduces segfault in i965_dri.so
Previous by thread: Processed: Re: grub-legacy 0.97-73 segfaults
Next by thread: Bug#901701: bumblebee: using optirun introduces segfault in i965_dri.so
Index(es):
- Date
- Thread