Researchers at Aqua Security say they’ve discovered a significant security issue with Ubuntu’s “command not found” feature.

When you run a command provided by a package that isn't installed, Ubuntu's “command not found” feature kicks in to a) tell you the command was not found and b) proactively suggest the relevant package(s) you need to install to run it.

Package recommendations are drawn from DEB software available in the Ubuntu repos (queried against a local database that doesn't change often) and from snap packages on the Snap Store (which involves connecting to the store's online database).

Using snaps, the security researchers say, recommendations can be easily manipulated by bad actors (and I don't mean the Tommy Wiseau kind) tricking the feature into telling users to install a snap package that, in nightmare scenarios, is malicious.

In a blog post detailing their findings, researcher Ilay Goldman says: “the risk of attackers exploiting the ‘command-not-found’ utility to recommend their own malicious snap packages is a pressing concern”.

“The true peril lies in the potential scope of this issue, with attackers capable of mimicking thousands of commands from widely-used packages,” he adds, noting that past instances of malicious packages appearing in the Snap Store highlight this issue.

To prove the viability of this attack vector, Aqua Nautilus ran an experiment.

Manipulate Suggestions with Snaps

The jupyter-notebook package is not part of the default Ubuntu installation. If you run the jupyter-notebook command on a fresh install, the “command not found” feature will do its job: tell you the command is not found, and tell you how to install the package using APT.

So far, so good.

But as this package was not on the Snap Store (and the package suggestion feature is designed to recommend snap packages where possible), the researchers were able to register the name, then upload an app to the Snap Store pretending to be it.

Sure enough, a little while later command-not-found began to recommend their phoney package alongside the real one:

One of these isn’t what it seems, but could you tell?

Sneaky, right?

This “exploit” allows attackers to game the recommendations using snaps, in turn causing Ubuntu to recommend dodgy snap packages to users trying to run common, well-known software.

All attackers need to do is upload their snap under the same name and sit back: the command-not-found feature will do the rest.

Aqua Nautilus say that up to 26% of commands associated with APT packages in Ubuntu are vulnerable to this direct form of impersonation.

But it gets worse.

Even if a package name is already registered on the Snap Store, there are other ways to game the system, by exploiting aliases and typo-squatting, thereby allowing rogues to get their scummy snaps suggested to users alongside or ahead of legitimate ones.

Which is worrying.

It undermines trust in the recommendations this feature makes. If a key part of Ubuntu's command line experience says “you need to install package1 to run foo”, you want to be able to trust it.

But if a user was recommended a malicious snap, and they installed it, could it do anything bad?

Yes — snaps can use “autoconnect interfaces” like X11, which many folks still use, to do nasty stuff like steal credentials you type into other apps you have open at the same time. This isn't a theoretical flaw: the researchers built a proof-of-concept snap that shows it is possible.

Is this actually an issue?

The good news is that, for now, no one has reported being duped via this mechanism, and there are no signs that snap malware is out there actively exploiting it.

Plus, it is easy for Canonical to remedy this issue through mitigations on its end. Restricting snap recommendations to those uploaded by verified developers would be a start.

As always, we users should shoulder some of the burden. When we install anything from any source, we need to pay attention to typos, check that what we're installing is what it claims to be, and that it is packaged by a trustworthy source.
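One way to act on that advice before accepting a suggested snap is to look at what the store says about it. The check below is an added example written for this article, not code from Aqua or Canonical: it parses the header lines of `snap info <name>` output (the format where a ✓ mark follows the publisher of a verified account) and refuses a snap whose name differs from the package you expected or whose publisher carries no verification mark. Both sample outputs are constructed; the snap names and publisher strings are illustrative.

```python
# Added example, not from the article: a pre-install sanity check on the text
# that `snap info <name>` prints. Sample outputs below are constructed.
VERIFIED_MARK = "\u2713"  # the ✓ that snap info prints after a verified publisher

# Constructed sample: what a verified publisher's entry looks like.
SAMPLE_VERIFIED = """\
name:      hello-world
summary:   The 'hello-world' of snaps
publisher: Canonical\u2713
store-url: https://snapcraft.io/hello-world
license:   unset
description: |
  A minimal snap used here only as a sample.
"""

# Constructed sample: a hypothetical snap registered under a well-known name
# by a publisher the store does not mark as verified.
SAMPLE_UNVERIFIED = """\
name:      jupyter-notebook
summary:   Looks like the real thing
publisher: unknown-dev
store-url: https://snapcraft.io/jupyter-notebook
license:   unset
"""


def parse_snap_info(text):
    """Parse the single-line 'key: value' fields of snap info output.

    Indented continuation lines (e.g. the body of 'description: |') are
    skipped, so only the header fields end up in the returned dict.
    """
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        fields[key.strip()] = value.strip()
    return fields


def assess_snap(text, expected_name):
    """Return (ok, reasons) for accepting this snap as a suggestion for expected_name.

    ok is True only when the snap's name matches exactly and the publisher
    carries the verification mark; reasons lists every failed check.
    """
    info = parse_snap_info(text)
    reasons = []
    name = info.get("name", "")
    publisher = info.get("publisher", "")
    if name != expected_name:
        reasons.append(f"name {name!r} does not match expected {expected_name!r}")
    if not publisher.endswith(VERIFIED_MARK):
        reasons.append(f"publisher {publisher!r} is not marked verified")
    return (not reasons, reasons)


if __name__ == "__main__":
    # In practice the text would come from: subprocess.run(["snap", "info", name], ...)
    for sample, expected in ((SAMPLE_VERIFIED, "hello-world"), (SAMPLE_UNVERIFIED, "jupyter-notebook")):
        ok, reasons = assess_snap(sample, expected)
        print(expected, "OK" if ok else "REJECT", reasons)
```

The name comparison is exact on purpose: a snap that differs from the expected package by a single character is exactly the typo-squatting case the article warns about, so the check treats it as a mismatch rather than trying to be clever. The publisher check only tells you the account is verified by the store, not that the package is benign; it narrows the field, it does not replace reading what a snap requests access to.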

Interested in learning more? Head over to the Aqua blog post to read the report in full.

They provide details on how ‘command-not-found’ works, how it determines relevancy for its suggestions, and how attackers can use snap packages to do creepy things even when strict confinement is enabled and manual review isn’t triggered.