Security researchers from Qualys uncovered various flaws in Canonical's Snap software packaging and deployment system. Bharat Jogi, head of vulnerability and threat research at Qualys, revealed in a blog post that they discovered many vulnerabilities in the snap-confine function on Linux operating systems, "the most important of which can be abused to escalate privilege to gain root rights."
Canonical created Snap, a software packaging and distribution mechanism for operating systems that use the Linux kernel. The packages, known as snaps, and the tool used to use them, snapd, are compatible with a variety of Linux distributions and enable upstream software developers to deliver their applications directly to users. Snaps are standalone applications that run in a sandbox and have mediated access to the host system. Snap-confine is a software that snapd uses internally to build the execution environment for snap applications.
If this vulnerability is successfully exploited, any unprivileged user can get root privileges on the vulnerable system. Qualys security researchers were able to independently validate the vulnerability, create an exploit, and get full root access on default Ubuntu installations. Canonical cooperated in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions to announce this newly identified vulnerability as soon as the Qualys Research Team confirmed it.
Canonical, the publisher of Ubuntu, said in a statement that they tried to ensure that the subsystems on which the snap platform is based are utilised safely throughout the development process. They pointed out that, because of automatic refreshes, the majority of snap-distributed platform installations around the world have already been updated.
In addition, Qualys detected six more vulnerabilities. They detailed each vulnerability and asked all users to patch as soon as feasible. “Unfortunately, such a modern confinement platform involves many subsystems, and sometimes we make mistakes. Thankfully, Canonical and Ubuntu are part of a large community that includes competent security researchers. Recently, Qualys informed us that one of the tools a part of the snap platform contains a security issue,” a Canonical spokesperson said.
“In their words: Discovering and exploiting a vulnerability in snap-confine has been extremely challenging (especially in a default installation of Ubuntu), because snap-confine uses a very defensive programming style, AppArmor profiles, seccomp filters, mount namespaces, and two Go helper programs,” the spokesperson added.