Source: autopkgtest
Version: 3.9
Severity: serious
Justification: Unwittingly sets dpkg force-unsafe-io on host
Tags: patch
Hi,
adt-setup-vm creates /etc/dpkg/dpkg.cfg.d/autopkgtest on the host,
instead of in the guest, because the path is missing the $root prefix
pointing to the directory where the guest's root is mounted.
This is very unfortunate, as that file sets force-unsafe-io for dpkg,
so this puts the host at risk to data loss.
Regards,
Christian
>From c8e5aac84d1de20028e85ec236a4a998938bd361 Mon Sep 17 00:00:00 2001
From: Christian Kastner <c...@kvr.at>
Date: Sun, 11 Jan 2015 01:28:36 +0100
Subject: adt-setup-vm: Modify guest's dpkg config, not host's
Add the missing $root prefix (the path to the directory where the guest's root
is mounted) when writing /etc/dpkg/dpkg.conf.d/autopkgtest, otherwise the
host's configuration is modified instead. As force-unsafe-io is being set, this
is very dangerous.
---
tools/adt-setup-vm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/adt-setup-vm b/tools/adt-setup-vm
index cb0c9bb..b2f83d2 100755
--- a/tools/adt-setup-vm
+++ b/tools/adt-setup-vm
@@ -80,7 +80,7 @@ fi
# go-faster apt/dpkg
echo "Acquire::Languages \"none\";" > "$root"/etc/apt/apt.conf.d/90nolanguages
-echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/autopkgtest
+echo 'force-unsafe-io' > "$root"/etc/dpkg/dpkg.cfg.d/autopkgtest
# auto-detect apt-cacher-ng
if [ -z "${ADT_APT_PROXY:-}" ]; then
--
2.1.4
