=====================================================================
CERT-Renater Note d'Information No. 2021/VULN529
_____________________________________________________________________
DATE : 13/10/2021
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Flatpak versions prior to 1.10.5, 1.12.1, 1.8.2.
=====================================================================

https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
_____________________________________________________________________

CVE-2021-41133: Sandbox bypass via recent VFS-manipulating syscalls
Severity: high
alexlarsson published GHSA-67h7-w3jq-vh4q on Oct 8, 2021

Package: Flatpak (freedesktop.org)
Affected versions: 1.11.x, 1.10.x <= 1.10.3, all <= 1.8.2
Patched versions: 1.10.5, 1.12.1, also expected in 1.8.2

Description
An anonymous reporter discovered that Flatpak apps with direct access to AF_UNIX sockets, such as those used by Wayland, Pipewire or pipewire-pulse, can trick portals and other host-OS services into treating the Flatpak app as though it were an ordinary, non-sandboxed host-OS process. The app does this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's seccomp denylist filter, in order to substitute a crafted /.flatpak-info or make that file disappear entirely.

Impact
Flatpak apps that act as clients for AF_UNIX sockets, such as those used by Wayland, Pipewire or pipewire-pulse, can escalate the privileges that the corresponding services will believe the Flatpak app has.

Mitigation
Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is because interaction with these buses goes through a proxy process, xdg-dbus-proxy, whose VFS cannot be manipulated by the Flatpak app.
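As an added example (not part of the CERT-Renater note or the Flatpak project), the following script classifies the output of "flatpak --version" against the affected and patched versions listed above. The treatment of versions the advisory does not mention (1.9.x, 1.10.4, 1.12.0, branches after 1.12) is an assumption: anything not at or above a patched release on its branch is reported as affected, and 1.8.2 is reported as "check" because the advisory only says the fix is expected there.

```python
"""Classify an installed Flatpak version against CVE-2021-41133.

Added example; the ranges are transcribed from the advisory header.
How unlisted versions are treated is an assumption (see classify()).
"""
import re
import subprocess

# Patched releases named in the advisory, keyed by (major, minor) branch.
PATCHED = {
    (1, 10): (1, 10, 5),
    (1, 12): (1, 12, 1),
}


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Flatpak 1.10.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version found in: %r" % text)
    return tuple(int(x) for x in m.groups())


def classify(version):
    """Return 'patched', 'affected' or 'check' for CVE-2021-41133."""
    branch = version[:2]
    if branch == (1, 8):
        # The advisory lists "all <= 1.8.2" as affected but names 1.8.2
        # as the expected fix release: flag it for manual verification.
        return "check" if version == (1, 8, 2) else "affected"
    fixed = PATCHED.get(branch)
    if fixed is not None:
        return "patched" if version >= fixed else "affected"
    if branch > (1, 12):
        return "patched"  # assumption: later branches build on fixed 1.12
    # 1.9.x, 1.11.x and everything older than 1.8 are in the affected list.
    return "affected"


def installed_flatpak_version():
    """Run the real 'flatpak --version' on this host and parse it."""
    out = subprocess.run(["flatpak", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return parse_version(out)


if __name__ == "__main__":
    v = installed_flatpak_version()
    print("Flatpak %d.%d.%d: %s" % (v + (classify(v),)))
```

Even on a patched release, remember the caveat from the Patches section: syscalls unknown to the installed libseccomp are not blocked, so the libseccomp version matters as much as the Flatpak version.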
Patches
The short-term solution is to expand the deny-list of syscalls in the seccomp filter:
  e26ac75
  89ae9fe
  26b1248
  a10f52a
  9766ee0
  4c34815
  1330662
  462fca2

These follow-up fixes address regressions in the initial version:
  d419fa6 (included in 1.12.1 and 1.10.5)
  3fc8c67 (included in 1.12.2, should be included in 1.10.6)

The regression fixes are necessary for compatibility with Flatpak apps, runtimes and extensions that use the extra-data feature (such as openh264 and the proprietary NVIDIA drivers) or that use multiarch (such as Steam). However, they weaken the protection against unwanted system calls: system calls not known to the installed version of libseccomp will not be blocked. Using a version of libseccomp at least as new as the currently-running kernel is recommended.

We are looking for better long-term solutions. Follow-up hardening is likely to convert the deny-list into an allow-list, and/or block namespace transitions in some other way.

Workarounds
None currently known.

For more information
If you have any questions or comments about this advisory, please contact flatpak-security at lists.freedesktop.org.

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41            +
+ 75013 Paris        | email: cert@support.renater.fr  +
=========================================================