Package: cowbuilder
Version: 0.80
Severity: grave
Tags: security

I enabled eatmydata by adding EATMYDATA=eatmydata to my ~/.pbuilderrc, and the result is that copy-on-write no longer works, making any modifications persistent:

eatmydata enabled

emilio@tatooine:~$ sudo cowbuilder --login
root@tatooine:/# echo asdf > /etc/apt/sources.list
root@tatooine:/# logout
emilio@tatooine:~$ sudo cowbuilder --login
root@tatooine:/# cat /etc/apt/sources.list
asdf

Note how it has overwritten sources.list even though --save-after-login wasn't passed. It also overwrites files during a package build, which is a big problem.

Now, with eatmydata disabled:

First, restore sources.list:

emilio@tatooine:~$ sudo cowbuilder --login --save-after-login
root@tatooine:/# cat /etc/apt/sources.list
asdf
root@tatooine:/# echo "deb http://ftp.es.debian.org/debian/ unstable main" > /etc/apt/sources.list
root@tatooine:/# logout

It is restored. Now, let's try to overwrite it without --save-after-login:

emilio@tatooine:~$ sudo cowbuilder --login
root@tatooine:/# cat /etc/apt/sources.list
deb http://ftp.es.debian.org/debian/ unstable main
root@tatooine:/# echo asdf > /etc/apt/sources.list
root@tatooine:/# logout
emilio@tatooine:~$ sudo cowbuilder --login
root@tatooine:/# cat /etc/apt/sources.list
deb http://ftp.es.debian.org/debian/ unstable main
root@tatooine:/#

It isn't overwritten.

Cheers,
Emilio

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (800, 'unstable'), (700, 'experimental'), (650, 'testing'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cowbuilder depends on:
ii  cowdancer  0.80
ii  libc6      2.23-1
ii  pbuilder   0.225.1

cowbuilder recommends no packages.

cowbuilder suggests no packages.

-- no debconf information

