Comment 2 for bug 1700573

Tyler Hicks (tyhicks) wrote :

I had some more time to look into this. /var/crash/ is world-writable so I used the f.crash file from this bug description and moved it into that directory. Just as this bug description suggests, gnome-calculator is launched once the crash file is processed.

If the crash file is owned by my user, the gnome-calculator process runs as my user. If the crash file is owned by root, the gnome-calculator process runs as root after I authenticate as an administrative user. I still don't see a way to escalate privileges with this bug.

If the impact of this bug is that a user can craft a crash file that causes code to be run as that user, I don't feel like this is a security issue. Do you agree, Felix?