Gnome implemented sandboxing for thumbnail parsers, but @ubuntu patches that out, because why not? https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1709164 …
-
-
Would this "Permission denied" imply that perhaps there still is some sort of sandboxing going on? The platform here is Ubuntu 18.04 Desktop.pic.twitter.com/meg7u8nRrH
1 reply 0 retweets 3 likes -
Ahh, it looks like AppArmor was what protected Ubuntu in its default state. Disabling AppArmor results in successful code execution.pic.twitter.com/qCCYzOVKFZ
1 reply 1 retweet 13 likes -
hmm I didn't have to disable anything, I ran it from the live cd. does that differ significantly from the normal ubuntu desktop?
3 replies 0 retweets 0 likes -
I was able to confirm the PoC with a live system, but on 2 really installed Ubuntu systems it fails. I get "ioerror -12", My guess that this is the santtized_helper profile of AA
1 reply 0 retweets 0 likes
There are explicit AppArmor rules in Ubuntu for both evince and evince-thumbnailers in /etc/apparmor.d/usr.bin.evince that prevent unexpected execution via those programs. Debian and other distros, not so much...pic.twitter.com/p9an7avPuM
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.