[Pkg-tigervnc-devel] Bug#1087925: tigervnc-common: Problems with tigervncserver copying credential files to /tmp

Juha Aatrokoski juha.aatrokoski at aalto.fi
Wed Nov 20 09:49:03 GMT 2024 

Package: tigervnc-common
Version: 1.12.0+dfsg-8

First reported to Ubuntu (https://bugs.launchpad.net/bugs/2088433),
kicking it "upstream" as suggested. Repeating the main points here,
see the Ubuntu bug for more details.


On startup, tigervncserver (via Wrapper.pm, which is Debian-specific)
copies ~/.vnc/passwd (and other credential files) into a
/tmp/tigervnc.XXXXXX directory and tells Xtigervnc to use those
instead. There are at least two problems with this:

1: If the /tmp/tigervnc.XXXXXX directory is removed for some reason
(e.g. via age-based /tmp cleaning, which is enabled by default on
Ubuntu, though not in Debian; the default setting may affect/determine
the severity of this bug), an unprivileged local attacker can recreate
it with their own passwd file and gain access to the VNC server. Even
if there is no attacker, the VNC server becomes inaccessible to its
owner (unless they know how to recreate the directory and file(s)
themself).

2: If the credential files (e.g. password) in ~/.vnc/ are changed, the
running VNC server will not pick this up and will continue to use the
old cached credential files.

I think there should at least be a mechanism to enable/disable this
caching behavior via a configuration file (and/or a command line
argument). Also, if such caching is done, I think the proper location
would be under $XDG_RUNTIME_DIR instead of /tmp.


-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-25-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tigervnc-common depends on:
ii  libc6       2.36-9+deb12u9
ii  libgcc-s1   12.2.0-14
ii  libstdc++6  12.2.0-14
ii  libx11-6    2:1.8.4-2+deb12u2

tigervnc-common recommends no packages.

tigervnc-common suggests no packages.

More information about the Pkg-tigervnc-devel mailing list