
From 9cb5f1e465cf5a3e643caf7159e89530ae867be2 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Sun, 10 Feb 2019 18:23:44 +0100
Subject: [PATCH] Don't expose /proc when running apply_extra

As shown by CVE-2019-5736, it is sometimes possible for the sandbox
app to access outside files using /proc/self/exe. This is not
typically an issue for flatpak as the sandbox runs as the user which
has no permissions to e.g. modify the host files.

However, when installing apps using extra-data into the system repo
we *do* actually run a sandbox as root. So, in this case we disable mounting
/proc in the sandbox: with no /proc/self/exe to reach through, this class of
attack has nothing to work with.

(cherry picked from commit 468858c1cbcdbcb27266deb5c7347b37adf3a9e4)
---
 common/flatpak-common-types-private.h | 1 +
 common/flatpak-dir.c                  | 2 +-
 common/flatpak-run.c                  | 6 +++++-
 3 files changed, 7 insertions(+), 2 deletions(-)

Backported to 0.10.4 by alarrosa@suse.com

Index: flatpak-0.10.4/common/flatpak-run.h
===================================================================
--- flatpak-0.10.4.orig/common/flatpak-run.h
+++ flatpak-0.10.4/common/flatpak-run.h
@@ -184,6 +184,7 @@ typedef enum {
   FLATPAK_RUN_FLAG_DIE_WITH_PARENT    = (1 << 11),
   FLATPAK_RUN_FLAG_LOG_A11Y_BUS       = (1 << 12),
   FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY  = (1 << 13),
+  FLATPAK_RUN_FLAG_NO_PROC            = (1 << 19),
 } FlatpakRunFlags;
 
 typedef struct _FlatpakExports FlatpakExports;
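Review bot: The new enumerator jumps from bit 13 straight to bit 19, leaving bits 14–18 unassigned in this version's FlatpakRunFlags with nothing in the header saying why. Presumably the value was kept identical to the upstream commit so the flag means the same thing in both trees, but a future backport that adds another flag could land on one of the gap bits or on bit 19 itself without noticing. A one-line comment would pin the intent: `FLATPAK_RUN_FLAG_NO_PROC = (1 << 19), /* value matches upstream; bits 14-18 left free for other backports */`.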
Index: flatpak-0.10.4/common/flatpak-dir.c
===================================================================
--- flatpak-0.10.4.orig/common/flatpak-dir.c
+++ flatpak-0.10.4/common/flatpak-dir.c
@@ -5153,7 +5153,7 @@ apply_extra_data (FlatpakDir          *s
                           NULL);
 
   if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2],
-                                    FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
+                                    FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
                                     error))
     return FALSE;
 
Index: flatpak-0.10.4/common/flatpak-run.c
===================================================================
--- flatpak-0.10.4.orig/common/flatpak-run.c
+++ flatpak-0.10.4/common/flatpak-run.c
@@ -4583,9 +4583,13 @@ flatpak_run_setup_base_argv (FlatpakBwra
                                     g->gr_name,
                                     getgid (), g_get_user_name ());
 
+  if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
+    flatpak_bwrap_add_args (bwrap,
+                            "--proc", "/proc",
+                            NULL);
+
   flatpak_bwrap_add_args (bwrap,
                           "--unshare-pid",
-                          "--proc", "/proc",
                           "--dir", "/tmp",
                           "--dir", "/var/tmp",
                           "--dir", "/run/host",
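Review bot: The new conditional around `--proc` records nothing about the consequence of taking the NO_PROC branch: the sandbox still gets `--unshare-pid`, so it has a fresh PID namespace, but nothing inside it can read /proc at all, and any /dev/fd or /dev/std* style symlinks that point into /proc (if bwrap creates them elsewhere in this function, which the hunk does not show) will dangle for the apply-extra script. A comment above the check would make that trade-off explicit: `/* NO_PROC: omit /proc entirely (used for the root-running apply_extra sandbox, CVE-2019-8308); /proc-based paths will be unavailable inside the sandbox */`. The ordering change itself looks harmless, since bwrap's mount arguments are ordered only relative to each other and `--unshare-pid` is a namespace switch, not a mount, but that is inferred from bwrap's behaviour rather than anything visible here. flatpak_run_setup_base_argv starts and ends outside the hunk.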