Comment 35 for bug 1813365

Chris, I've just read your blog post at:

https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html

There you install a snap in devmode, which does a bunch of things to demonstrate that the snap can access system resources via the vulnerability in <2.37. Just for the record, it's slightly undue to claim that the snap is exploiting the system in that scenario, because a snap in devmode already has full access to the system anyway. No need for any exploits. If you install a snap in devmode, you gave root to the snap:

      --devmode Put snap in development mode and disable security confinement

If the snap was installed without devmode, it wouldn't not have access to the socket.

Again, thanks for the report. Just wanted to clarify this point.