A vulnerability in Flatpak made it possible to avoid isolation mode


Simon McVittie unveiled recently that identified a vulnerability (CVE-2021-21261) that avoids isolation of the isolated space and run arbitrary code in the host system environment in the package deployment and management utility Flatpak.

Vulnerability is present in the D-Bus flatpak-portal service (flatpak-portal also known by its service name D-Bus org.freedesktop.portal.Flatpak), which provides the launch of “portals” that are used to organize access to resources outside the container.

About the ruling

And it is that the vulnerability mentioned as such is not, since it is due to the operation of the service “Flatpak-portal” allows sandbox applications to start their own child process in a new sandbox environment, to which the same or stronger isolation settings are applied (for example, to handle untrusted content).

Vulnerability is exploited, since passes environment variables specific to the calling process to non-isolated controllers from the host system (for example, by running the command «flatpak run«). A malicious application can expose environment variables that affect flatpak execution and execute any code on the host side.

The flatpak-session-help service (org.freedesktop.Flatpakal who accesses flatpak-spawn –host) is intended to provide marked applications especially the ability to execute arbitrary code on the host system, so it is not a vulnerability that it also relies on the environment variables provided to it.

Granting access to the org.freedesktop.Flatpak service indicates that an application is trustworthy and can legitimately execute arbitrary code outside of the sandbox. For example, the GNOME Builder integrated development environment is marked as trusted in this way.

The Flatpak portal’s D-Bus service allows applications in a Flatpak sandbox to launch their own threads into a new sandbox, either with the same security settings as the caller or with more restrictive security settings.

An example of this, is that it is mentioned that in web browsers packaged with Flatpak as Chromium, to start threads which will process untrusted web content and give those threads a more restrictive sandbox than the browser itself.

In vulnerable versions, the Flatpak portal service passes the environment variables specified by the caller to non-sandboxed processes on the host system and in particular to the flatpak run command that is used to launch the new instance of the sandbox.

A malicious or compromised Flatpak application could set environment variables that the flatpak run command trusts and use to execute arbitrary code that is not in a sandbox.

It should be remembered that many flatpak developers disable isolation mode or give full access to the home directory.

For example, the GIMP, VSCodium, PyCharm, Octave, Inkscape, Audacity, and VLC packages come with limited isolation mode. If packages with access to the home directory are compromised, despite the presence of the tag «sandboxed»In the package description, an attacker needs to modify the ~ / .bashrc file to execute his code.

A separate issue is control over changes to packages and trust in package creators, who are often not associated with the main project or distributions.


It is mentioned that the problem was fixed in Flatpak versions 1.10.0 and 1.8.5, but later a regressive change appeared in the revision that caused compilation problems on systems with bubblewrap support set with the setuid flag.

After that the mentioned regression was corrected in version 1.10.1 (while the update for the 1.8.x branch is not yet available).

Finally if you are interested in knowing more about it About the vulnerability report, you can check the details In the following link.

Add Comment