Code review comment for lp:~chipaca/snap-confine/unshare

Revision history for this message
Tyler Hicks (tyhicks) wrote :

I didn't get to finish my review before my EOD but I have found an issue where an unprivileged user can still traverse paths that they shouldn't have access to and, at least, have arbitrary directories created:

tyhicks$ mkdir /tmp/snaps.1000
tyhicks$ ln -s /root /tmp/snaps.1000/cat
tyhicks$ sudo ls /root
tyhicks$ ./ubuntu-core-launcher cat BAD apparmor /apps/cat/cat
unable to make /tmp/ private. errmsg: Invalid argument
tyhicks$ sudo ls /root
BAD

I'll look some more tomorrow.

review: Needs Fixing

« Back to merge proposal