GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads

GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads (www.phoronix.com)
from KarnaSubarna@lemmy.ml to linux@lemmy.ml on 16 Apr 2025 03:52
https://lemmy.ml/post/28675331

#linux

threaded - newest

isVeryLoud@lemmy.ca on 16 Apr 2025 04:49 collapse

Ouch, how did this happen, and why have patches sat unreviewed?

anamethatisnt@sopuli.xyz on 16 Apr 2025 05:47 collapse

Here they talk about the issue and its limitations and it seems they missed the workaround mentioned below in the writeup:
gitlab.gnome.org/GNOME/yelp/-/issues/221#note_239…

This attack has some limitations:

Attacker needs to know the unix username of the victim.

Browsers ask the user for permission on redirects to custom schemes.

However, the initial current working directory (CWD) of applications started by GNOME (e.g., using Alt+F2 or dock shortcuts) is the user’s home directory. As a result, the CWD of Chrome and Firefox is also set to the user’s home directory. We can abuse this behavior to point to the victim’s Downloads folder and bypass the first condition.

gist.github.com/…/e970b155358d45b298d7024edd9b17f…