Source: autopkgtest Version: 3.9 Severity: serious Justification: Unwittingly sets dpkg force-unsafe-io on host Tags: patch
Hi, adt-setup-vm creates /etc/dpkg/dpkg.cfg.d/autopkgtest on the host, instead of in the guest, because the path is missing the $root prefix pointing to the directory where the guest's root is mounted. This is very unfortunate, as that file sets force-unsafe-io for dpkg, so this puts the host at risk to data loss. Regards, Christian
>From c8e5aac84d1de20028e85ec236a4a998938bd361 Mon Sep 17 00:00:00 2001 From: Christian Kastner <c...@kvr.at> Date: Sun, 11 Jan 2015 01:28:36 +0100 Subject: adt-setup-vm: Modify guest's dpkg config, not host's Add the missing $root prefix (the path to the directory where the guest's root is mounted) when writing /etc/dpkg/dpkg.conf.d/autopkgtest, otherwise the host's configuration is modified instead. As force-unsafe-io is being set, this is very dangerous. --- tools/adt-setup-vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/adt-setup-vm b/tools/adt-setup-vm index cb0c9bb..b2f83d2 100755 --- a/tools/adt-setup-vm +++ b/tools/adt-setup-vm @@ -80,7 +80,7 @@ fi # go-faster apt/dpkg echo "Acquire::Languages \"none\";" > "$root"/etc/apt/apt.conf.d/90nolanguages -echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/autopkgtest +echo 'force-unsafe-io' > "$root"/etc/dpkg/dpkg.cfg.d/autopkgtest # auto-detect apt-cacher-ng if [ -z "${ADT_APT_PROXY:-}" ]; then -- 2.1.4