This bug was fixed in the package livecd-rootfs - 2.408.68
---------------
livecd-rootfs (2.408.68) xenial; urgency=medium
[ Gauthier Jolly ]
* ubuntu-cpc: secure esp mountpoint (LP: #1881006)
Change mount option for ubuntu-cpc images from "defaults" to "umask=0077"
ESP partitions might contain sensitive data and non-root users shouldn't
have read access on it.
-- Robert C Jennings <robert.jenni...@canonical.com> Sat, 10 Apr 2021
05:28:29 -0500
** Changed in: livecd-rootfs (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1881006
Title:
Incorrect ESP mount options
Status in cloud-images:
New
Status in subiquity:
New
Status in grub2 package in Ubuntu:
New
Status in livecd-rootfs package in Ubuntu:
Fix Released
Status in ubiquity package in Ubuntu:
New
Status in livecd-rootfs source package in Xenial:
Fix Released
Status in livecd-rootfs source package in Bionic:
Fix Released
Status in livecd-rootfs source package in Focal:
Fix Released
Status in livecd-rootfs source package in Groovy:
Fix Released
Bug description:
[Impact]
* For the affected images, the ESP is currently mounted with default
(0755) permissions. This means anyone can read the ESP partition. This
can cause security issues as sensitive data might be put in this
partition[0]
[Test Plan]
* Build an uefi image from the ubuntu-cpc project in livecd-rootfs
* Launch in KVM
* Check `/etc/fstab` content
* Check that mount options are reflected in 'mount' command output
* Ensure a non-root user can not access /boot/efi
[Where problems could occur]
* Some users can have automation in place change the mount options.
This change might break their automation. However, because this change
is only related to the ESP partition, I don't think a lot of users
would want to change the default settings.
* All use cases requiring non-root user to read from this file system
will be broken. However, given the content of this filesystem, this
scenario is unlikely and the security benefits should justify this
risk.
[original description]
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-
efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults"
for the ESP partition
also zsys setup in ubiquity does weird explicit
umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not
sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP
mount
I think subiquity is affected, as it does not set "options:
'umask=0077'" on the /boot/efi mount in the storage specification.
[0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1881006/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
