Are you planning to update testing before the release?  The previous
uploads of 3.7.14 and 3.7.15 didn't migrate.  The current stable is
3.7.3-1 and doesn't have this bug.  The current testing is 3.7.13-1 and
it does have the bug.  The next stable would be better with a patched
3.7.13 or 3.7.16.

This bug can cause multi-threaded servers to create files with world
read/write access.  Lots of servers are affected: for example apache
using the worker mpm together with mod_dav_svn:

$ strace -fetrace=umask -p 16162
Process 16162 attached with 10 threads - interrupt to quit
[pid 16170] umask(0)                    = 022
[pid 16170] umask(022)                  = 0
[pid 16170] umask(0)                    = 022
[pid 16170] umask(022)                  = 0
[pid 16170] umask(0)                    = 022
[pid 16170] umask(022)                  = 0
[pid 16170] umask(0)                    = 022
[pid 16170] umask(022)                  = 0

Any files created by other threads in that apache process while the
umask is 0 will be world read/write by default.

ow...@bugs.debian.org (Debian Bug Tracking System) writes:

> This is an automatic notification regarding your Bug report
> which was filed against the libsqlite3-0 package:
>
> #703465: libsqlite3-0: SQLite sets umask to zero when writing
>
> It has been closed by Laszlo Boszormenyi (GCS) <g...@debian.hu>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Laszlo
> Boszormenyi (GCS) <g...@debian.hu> by replying to this email.
>
>
> -- 
> 703465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703465
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
> From: Laszlo Boszormenyi (GCS) <g...@debian.hu>
> Subject: Bug#703465: fixed in sqlite3 3.7.16-1
> To: 703465-cl...@bugs.debian.org
> Date: Sat, 23 Mar 2013 19:48:20 +0000
>
> Source: sqlite3
> Source-Version: 3.7.16-1
>
> We believe that the bug you reported is fixed in the latest version of
> sqlite3, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 703...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Laszlo Boszormenyi (GCS) <g...@debian.hu> (supplier of updated sqlite3 
> package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@debian.org)
>
>
> Format: 1.8
> Date: Tue, 19 Mar 2013 23:33:43 +0100
> Source: sqlite3
> Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl
> Architecture: source all amd64
> Version: 3.7.16-1
> Distribution: unstable
> Urgency: low
> Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.hu>
> Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.hu>
> Description: 
>  lemon      - LALR(1) Parser Generator for C or C++
>  libsqlite3-0 - SQLite 3 shared library
>  libsqlite3-0-dbg - SQLite 3 debugging symbols
>  libsqlite3-dev - SQLite 3 development files
>  libsqlite3-tcl - SQLite 3 Tcl bindings
>  sqlite3    - Command line interface for SQLite 3
>  sqlite3-doc - SQLite 3 documentation
> Closes: 683588 698636 703465
> Changes: 
>  sqlite3 (3.7.16-1) unstable; urgency=low
>  .
>    * New upstream release, fixes umask handling (closes: #703465).
>    * Update Standards-Version to 3.9.4 .
>    * Make libsqlite3-dev package multi-arch: same (closes: #683588).
>    * Include HTML documentation for lemon (closes: #698636).
>    * Update patches to apply clean.
>
> ----------
>
> From: Philip Martin <phi...@codematters.co.uk>
> Subject: libsqlite3-0: SQLite sets umask to zero when writing
> To: Debian Bug Tracking System <sub...@bugs.debian.org>
> Date: Tue, 19 Mar 2013 22:23:44 +0000
>
> Package: libsqlite3-0
> Version: 3.7.13-1
> Severity: normal
> Tags: upstream patch
>
> Dear Maintainer,
>
> SQLite added a feature (in 3.7.11 I think) to ensure that journal/wal
> files have the same permissions as the database file:
>
> http://www.sqlite.org/src/info/84b324606a
>
> The implementation sets umask to 0 for short periods of time and 
> this is a problem when SQLite is used in a multi-threaded process
> because the umask change affects all threads in the process.  Other
> threads creating files while the umask is 0 will create files with
> global write access rather than with permissions limited by umask.
>
> The 3.7.16 release contains a fix to use fchmod instead of umask:
>
> http://www.sqlite.org/src/info/6c4c2b7dba
>
> The 3.7.13-1 version in testing is vulnerable.
>
> Index: src/os_unix.c
> ==================================================================
> --- src/os_unix.c
> +++ src/os_unix.c
> @@ -410,15 +410,11 @@
>    { "pwrite64",     (sqlite3_syscall_ptr)0,          0  },
>  #endif
>  #define osPwrite64  ((ssize_t(*)(int,const void*,size_t,off_t))\
>                      aSyscall[13].pCurrent)
>  
> -#if SQLITE_ENABLE_LOCKING_STYLE
>    { "fchmod",       (sqlite3_syscall_ptr)fchmod,     0  },
> -#else
> -  { "fchmod",       (sqlite3_syscall_ptr)0,          0  },
> -#endif
>  #define osFchmod    ((int(*)(int,mode_t))aSyscall[14].pCurrent)
>  
>  #if defined(HAVE_POSIX_FALLOCATE) && HAVE_POSIX_FALLOCATE
>    { "fallocate",    (sqlite3_syscall_ptr)posix_fallocate,  0 },
>  #else
> @@ -439,13 +435,10 @@
>  #define osRmdir     ((int(*)(const char*))aSyscall[19].pCurrent)
>  
>    { "fchown",       (sqlite3_syscall_ptr)posixFchown,     0 },
>  #define osFchown    ((int(*)(int,uid_t,gid_t))aSyscall[20].pCurrent)
>  
> -  { "umask",        (sqlite3_syscall_ptr)umask,           0 },
> -#define osUmask     ((mode_t(*)(mode_t))aSyscall[21].pCurrent)
> -
>  }; /* End of the overrideable system calls */
>  
>  /*
>  ** This is the xSetSystemCall() method of sqlite3_vfs for all of the
>  ** "unix" VFSes.  Return SQLITE_OK opon successfully updating the
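Review bot: Removing the "umask" row from the overrideable system call table means a lookup of that name through xSetSystemCall() will no longer match, so anything that installed an override for it by name stops working without a compile-time error. Because it was the last row, the hard-coded indices used by the remaining macros (aSyscall[19], aSyscall[20]) are unaffected, but the ArraySize assertion has to change in step and the removal deserves a line in the release notes.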
> @@ -546,31 +539,29 @@
>  ** process that is able to write to the database will also be able to
>  ** recover the hot journals.
>  */
>  static int robust_open(const char *z, int f, mode_t m){
>    int fd;
> -  mode_t m2;
> -  mode_t origM = 0;
> -  if( m==0 ){
> -    m2 = SQLITE_DEFAULT_FILE_PERMISSIONS;
> -  }else{
> -    m2 = m;
> -    origM = osUmask(0);
> -  }
> +  mode_t m2 = m ? m : SQLITE_DEFAULT_FILE_PERMISSIONS;
>    do{
>  #if defined(O_CLOEXEC)
>      fd = osOpen(z,f|O_CLOEXEC,m2);
>  #else
>      fd = osOpen(z,f,m2);
>  #endif
>    }while( fd<0 && errno==EINTR );
> -  if( m ){
> -    osUmask(origM);
> -  }
> +  if( fd>=0 ){
> +    if( m!=0 ){
> +      struct stat statbuf;
> +      if( osFstat(fd, &statbuf)==0 && (statbuf.st_mode&0777)!=m ){
> +        osFchmod(fd, m);
> +      }
> +    }
>  #if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
> -  if( fd>=0 ) osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
> +    osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
>  #endif
> +  }
>    return fd;
>  }
>  
>  /*
>  ** Helper functions to obtain and relinquish the global mutex. The
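Review bot: In robust_open() the new osFstat/osFchmod step runs on every successful open with m!=0, whether or not this call created the file, so an existing file whose bits differ from m is silently re-permissioned; the test changes in this same patch have to fault fchmod to stop exactly that. Consider applying it only when the file was just created, for example when O_CREAT is set in f and the file is still empty. The return value of osFchmod(fd, m) is also ignored, so a failed chmod leaves the file at its umask-limited mode with nothing reported to the caller. Between osOpen and osFchmod the file exists with the umask-limited mode, which errs on the restrictive side and is acceptable.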
> @@ -6992,11 +6983,11 @@
>    };
>    unsigned int i;          /* Loop counter */
>  
>    /* Double-check that the aSyscall[] array has been constructed
>    ** correctly.  See ticket [bb3a86e890c8e96ab] */
> -  assert( ArraySize(aSyscall)==22 );
> +  assert( ArraySize(aSyscall)==21 );
>  
>    /* Register all VFSes defined in the aVfs[] array */
>    for(i=0; i<(sizeof(aVfs)/sizeof(sqlite3_vfs)); i++){
>      sqlite3_vfs_register(&aVfs[i], i==0);
>    }
>
> Index: test/pager1.test
> ==================================================================
> --- test/pager1.test
> +++ test/pager1.test
> @@ -881,16 +881,24 @@
>    COMMIT;
>  } {delete}
>  tv filter {}
>  db close
>  tv delete 
> +catch {
> +  test_syscall install fchmod
> +  test_syscall fault 1 1
> +}
>  do_test pager1.4.7.2 {
>    faultsim_restore_and_reopen
>    catch {file attributes test.db-journal -permissions r--------}
>    catch {file attributes test.db-journal -readonly 1}
>    catchsql { SELECT * FROM t1 }
>  } {1 {unable to open database file}}
> +catch {
> +  test_syscall reset
> +  test_syscall fault 0 0
> +}
>  do_test pager1.4.7.3 {
>    db close
>    catch {file attributes test.db-journal -permissions rw-rw-rw-}
>    catch {file attributes test.db-journal -readonly 0}
>    delete_file test.db-journal
>
> Index: test/tkt3457.test
> ==================================================================
> --- test/tkt3457.test
> +++ test/tkt3457.test
> @@ -30,11 +30,11 @@
>  #                the hot-journal file. Result: SQLITE_CANTOPEN.
>  #                
>  #   tkt3457-1.3: Application has write but not read permission on
>  #                the hot-journal file. Result: SQLITE_CANTOPEN.
>  #
> -#   tkt3457-1.4: Application has read but not write permission on
> +#   tkt3457-1.4: Application has read but not write permission ongrep
>  #                the hot-journal file. Result: SQLITE_CANTOPEN.
>  #
>  #   tkt3457-1.5: Application has read/write permission on the hot-journal 
>  #                file. Result: SQLITE_OK.
>  # 
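Review bot: The changed comment line for tkt3457-1.4 now ends in "ongrep", which looks like stray input typed into the file rather than an intended edit. Restore the original "on" so that this hunk drops out of the patch entirely.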
> @@ -59,10 +59,18 @@
>    puts -nonewline $fd "\xd9\xd5\x05\xf9\x20\xa1\x63\xd7"
>    close $fd
>  
>    execsql COMMIT
>  } {}
> +
> +# Disable fchmod to make sure SQLite itself does not try to change the
> +# permission bits on us
> +#
> +catch {
> +  test_syscall install fchmod
> +  test_syscall fault 1 1
> +}
>  
>  do_test tkt3457-1.2 {
>    forcecopy bak.db-journal test.db-journal
>    file attributes test.db-journal -permissions ---------
>    catchsql { SELECT * FROM t1 }
> @@ -81,7 +89,13 @@
>  do_test tkt3457-1.5 {
>    forcecopy bak.db-journal test.db-journal
>    file attributes test.db-journal -permissions rw-rw-rw-
>    catchsql { SELECT * FROM t1 }
>  } {0 {1 2 3 4 5 6}}
> +
> +# Reenable fchmod
> +catch {
> +  test_syscall uninstall
> +  test_syscall fault 0 0
> +}
>  
>  finish_test
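Review bot: The restore step here calls "test_syscall uninstall" while the matching block in test/pager1.test calls "test_syscall reset"; pick one so both files leave the fchmod override in the same state. Both the install and the restore blocks are wrapped in catch, so if either fails the tests carry on with no sign that the fault was not in effect; checking explicitly whether test_syscall is available would make that visible.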
>
> -- System Information:
> Debian Release: 7.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libsqlite3-0 depends on:
> ii  libc6              2.13-38
> ii  multiarch-support  2.13-38
>
> libsqlite3-0 recommends no packages.
>
> libsqlite3-0 suggests no packages.
>
> -- no debconf information
> ----------
>

-- 
Philip
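
The effect described in this thread, as an added example that is not part of the original report or of SQLite's code: one thread creates a file with an exact mode, first with the umask(0) pattern and then with the fstat/fchmod pattern, while a second thread creates an ordinary file. The names bystander, create_exact and run_scenario and the /tmp paths are illustrative, and the second thread is started inside the window so the interleaving is forced rather than raced.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unrelated worker thread: creates a file the usual way and relies on umask. */
static void *bystander(void *path) {
    int fd = open((const char *)path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    if (fd >= 0) close(fd);
    return NULL;
}

/* Create `path` with exact mode m while a bystander thread creates `other`.
** use_umask=1: umask(0) around open(), the pattern the report describes.
** use_umask=0: open(), then fstat + fchmod on the descriptor (the fix). */
static int create_exact(const char *path, mode_t m, int use_umask, const char *other) {
    pthread_t t; struct stat st;
    mode_t saved = use_umask ? umask(0) : 0;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, m);
    if (pthread_create(&t, NULL, bystander, (void *)other) == 0) pthread_join(t, NULL);
    if (use_umask) umask(saved);
    else if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) != m) fchmod(fd, m);
    return fd;
}

/* One scenario under umask 022: returns the bystander's bits, target's in *target. */
static mode_t run_scenario(int use_umask, mode_t *target) {
    char dir[] = "/tmp/umask-demo-XXXXXX", a[64], b[64];  /* constructed paths */
    struct stat st;
    mode_t old = umask(022), seen = 0;
    *target = 0;
    if (mkdtemp(dir) == NULL) { umask(old); return 0; }
    snprintf(a, sizeof a, "%s/journal", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    int fd = create_exact(a, 0664, use_umask, b);
    if (fd >= 0) { if (fstat(fd, &st) == 0) *target = st.st_mode & 0777; close(fd); }
    if (stat(b, &st) == 0) seen = st.st_mode & 0777;
    unlink(a); unlink(b); rmdir(dir);
    umask(old);
    return seen;
}

int main(void) {
    mode_t t, old = run_scenario(1, &t), fixed = run_scenario(0, &t);
    printf("bystander file: umask(0) window %04o, fchmod on fd %04o\n", (unsigned)old, (unsigned)fixed);
}
```

In both scenarios the target file ends up with mode 0664; only the umask(0) variant changes what the other thread's file gets.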

