Issue metadata
Sign in to add a comment
|
Security: Top in Crosh/ChromeOS appears to being able to write files in guest mode
Reported by
resea...@nightwatchcybersecurity.com,
Mar 17 2016
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS When in guest mode, the top command in Crosh appears to write files. It is unclear f /home/chronos/user persists. VERSION Chrome Version: 49.0.2623.95 (Official Build) (64-bit) Operating System: ChromeOS 7834.60.0 (= Official Build) stable-channel parrot REPRODUCTION CASE 1. Login to Chrome OS in guest mode. 2. Press CTRL-ALT-T to open crosh. 3. Type in "top" and press enter. 4. Press "W". A message will come up "file written to /home/chronos/user/.toprc"
,
Mar 21 2016
I will triage this.
,
Mar 21 2016
Thanks for the report. In guest mode, /home/chronos/user is a tmpfs mount, so marking this as "works as intended."
,
Jun 28 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
,
Mar 9 2017
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mea...@chromium.org
, Mar 18 2016Labels: OS-Chrome
Owner: mdempsky@chromium.org
Status: Assigned (was: Unconfirmed)