mjg59 | Circumventing Ubuntu Snap confinement • https://goo.gl/CvMCX9 • I've produced a quick proof of concept of this. Grab XEvilTeddy from git, install Snapcraft (it's in 16.04), snapcraft snap, sudo snap install xevilteddy*.snap, /snap/bin/xevilteddy.xteddy . An adorable teddy bear! How cute. Now open Firefox and start typing, then check back in your terminal window. Oh no! All my secrets. Open another terminal window and give it focus. Oh no! An injected command that could instead have been a curl session that uploaded your private SSH keys to somewhere that's not going to respect your privacy.
#Ubuntu #snappy #snap #security #xorg #x #Mir #Wayland
- via Diaspora* Publisher -
