Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Sun, Jul 06, 2014 at 01:05:16PM +0200, Cédric Barboiron wrote: On Thu, 3 Jul 2014 08:59:57 +0200 [..] Hi Michael, and thanks for your answer. The use-case was indeed to disable the bin cache. Your patch is a good protection against misreading the manual. Btw, I tried with '/dev/null' only because it is handled differently in configuration.cc, I don't think it's useful to protect against this. For the manpage, I believe changing their names and empty string to the actual values would be clear enough (attached patch). Great, that looks good! Your patch (and the patch to error when cleaning /) is now part of the debian/sid branch and it will be part of the next upload. Thanks for your help with making the documentation better! Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Thu, 3 Jul 2014 08:59:57 +0200
Michael Vogt m...@debian.org wrote:
Thanks for your bugreport.
(warning: attached patch is not a solution, it is just intended to
show the problem)
Setting Dir::Cache::archives and Dir::Cache to the empty string (as
instructed by man 5 apt.conf) do NOT disable cache but set it to
'/'.
Consequence: apt-get clean then effectively cleans '/' and removes
all files here.
Not true anymore but even worse, on squeeze it also removes the
'/lib64' symlink, breaking the loader and preventing any new
dynamically linked binary to be launched.
This sounds like we want to improve the description of the apt.conf
manpage. I assume your use-case was to disable the binary cache? Maybe
you can suggest a way to make the description clearer to avoid the
issue for others?
As for protecting against this, I attached a patch that makes clean a
bit more careful and fix the example where Dir::Cache::archives= is
empty. But there is only so much we can do, e.g. if someone sets
Dir::Cache=/vmlinuz its hard to have a programmatic way to detect that
this is a bad idea. But I'm happy to protect against obvious ones
(like Clean(/)).
Hi Michael, and thanks for your answer.
The use-case was indeed to disable the bin cache. Your patch is a good
protection against misreading the manual. Btw, I tried with '/dev/null'
only because it is handled differently in configuration.cc, I don't
think it's useful to protect against this.
For the manpage, I believe changing their names and empty string
to the actual values would be clear enough (attached patch).
Regards
--
Cédric
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fcbf20d..ffecc6c 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -608,10 +608,11 @@ DPkg::Pre-Install-Pkgs {/usr/sbin/dpkg-preconfigure --apt;};
information, such as the two package caches literalsrcpkgcache/literal and
literalpkgcache/literal as well as the location to place downloaded archives,
literalDir::Cache::archives/literal. Generation of caches can be turned off
- by setting their names to the empty string. This will slow down startup but
- save disk space. It is probably preferable to turn off the pkgcache rather
- than the srcpkgcache. Like literalDir::State/literal the default
- directory is contained in literalDir::Cache/literal/para
+ by setting literalpkgcache/literal or literalsrcpkgcache/literal to
+ literal/literal. This will slow down startup but save disk space. It
+ is probably preferable to turn off the pkgcache rather than the srcpkgcache.
+ Like literalDir::State/literal the default directory is contained in
+ literalDir::Cache/literal/para
paraliteralDir::Etc/literal contains the location of configuration files,
literalsourcelist/literal gives the location of the sourcelist and
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Wed, Jul 02, 2014 at 09:41:07PM +0200, Cédric Barboiron wrote:
Package: apt
Version: 1.0.5
Severity: important
Thanks for your bugreport.
(warning: attached patch is not a solution, it is just intended to show
the problem)
Setting Dir::Cache::archives and Dir::Cache to the empty string (as
instructed by man 5 apt.conf) do NOT disable cache but set it to '/'.
Consequence: apt-get clean then effectively cleans '/' and removes all
files here.
Not true anymore but even worse, on squeeze it also removes the '/lib64'
symlink, breaking the loader and preventing any new dynamically linked
binary to be launched.
This sounds like we want to improve the description of the apt.conf
manpage. I assume your use-case was to disable the binary cache? Maybe
you can suggest a way to make the description clearer to avoid the
issue for others?
As for protecting against this, I attached a patch that makes clean a
bit more careful and fix the example where Dir::Cache::archives= is
empty. But there is only so much we can do, e.g. if someone sets
Dir::Cache=/vmlinuz its hard to have a programmatic way to detect that
this is a bad idea. But I'm happy to protect against obvious ones
(like Clean(/)).
Cheers,
Michael
- - -
all following tests done on debian testing, up to date on 2014-07-02
current result:
debdev# cat apt.conf
Dir::Cache ;
Dir::Cache::archives ;
debdev# touch /VERY_SECRET
debdev# ls /
bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found
media mnt opt proc root run sbin srv sys tmp usr var VERY_SECRET
vmlinuz vmlinuz.old
debdev# apt-get clean
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt
proc root run sbin srv sys tmp usr var
reading source code (contrib/configuration.cc) instead of the man page of
apt.conf:
debdev# cat apt.conf
Dir::Cache /dev/null;
Dir::Cache::archives /dev/null;
debdev# touch /VERY_SECRET
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt
proc root run sbin srv sys tmp usr var VERY_SECRET
debdev# apt-get clean
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt
proc root run sbin srv sys tmp usr var VERY_SECRET
expected result, BUT BUT BUT its not a good idea at all :
debdev# cat /etc/apt/apt.conf
Dir::Cache /dev/null;
Dir::Cache::archives /dev/null;
debdev# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jul 2 20:11 /dev/null
debdev# apt-get install libcaca
Reading package lists... Error!
E: Write error - write (28: No space left on device)
E: Can't mmap an empty file
E: Failed to truncate file - ftruncate (9: Bad file descriptor)
E: The package lists or status file could not be parsed or opened.
debdev# ls -l /dev/null
-rw-r--r-- 1 root root 0 Jul 2 20:17 /dev/null
debdev# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/debdev-root 95G 5.0G 85G 6% /
udev 10M 10M 0 100% /dev
tmpfs202M 200K 201M 1% /run
tmpfs5.0M 0 5.0M 0% /run/lock
tmpfs403M 0 403M 0% /run/shm
/dev/sda1228M 80M 137M 37% /boot
none 4.0K 0 4.0K 0% /sys/fs/cgroup
and finally with attached patch (built without make test because it has
other side-effects):
debdev# cat /etc/apt/apt.conf
Dir::Cache ;
Dir::Cache::archives ;
debdev# touch /MYTRALALA
debdev# ls /
bin dev home lib64 lost+found mntopt root sbin sys usr
boot etc lib lock media MYTRALALA proc run srv tmp var
debdev# apt-get clean
E: Ignored empty string directory configuration (would have been expanded to
'/' otherwise)
debdev# ls /
bin dev home lib64 lost+found mntopt root sbin sys usr
boot etc lib lock media MYTRALALA proc run srv tmp var
diff --git a/apt-pkg/contrib/configuration.cc
b/apt-pkg/contrib/configuration.cc
index 00f6ad0..3dd63aa 100644
--- a/apt-pkg/contrib/configuration.cc
+++ b/apt-pkg/contrib/configuration.cc
@@ -240,6 +240,11 @@ string Configuration::FindFile(const char *Name,const
char *Default) const
string Configuration::FindDir(const char *Name,const char *Default) const
{
string Res = FindFile(Name,Default);
+ if (Res == )
+ {
+ _error-Error(_(Ignored empty string directory configuration (would
have been expanded to '/' otherwise)));
+ return Res;
+ }
if (Res.end()[-1] != '/')
{
size_t const found = Res.rfind(/dev/null);
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fcbf20d..e30898c 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -607,8 +607,8 @@ DPkg::Pre-Install-Pkgs {/usr/sbin/dpkg-preconfigure
--apt;};
paraliteralDir::Cache/literal
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
Package: apt
Version: 1.0.5
Severity: important
(warning: attached patch is not a solution, it is just intended to show
the problem)
Setting Dir::Cache::archives and Dir::Cache to the empty string (as
instructed by man 5 apt.conf) do NOT disable cache but set it to '/'.
Consequence: apt-get clean then effectively cleans '/' and removes all
files here.
Not true anymore but even worse, on squeeze it also removes the '/lib64'
symlink, breaking the loader and preventing any new dynamically linked
binary to be launched.
- - -
all following tests done on debian testing, up to date on 2014-07-02
current result:
debdev# cat apt.conf
Dir::Cache ;
Dir::Cache::archives ;
debdev# touch /VERY_SECRET
debdev# ls /
bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found
media mnt opt proc root run sbin srv sys tmp usr var VERY_SECRET
vmlinuz vmlinuz.old
debdev# apt-get clean
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt proc
root run sbin srv sys tmp usr var
reading source code (contrib/configuration.cc) instead of the man page of
apt.conf:
debdev# cat apt.conf
Dir::Cache /dev/null;
Dir::Cache::archives /dev/null;
debdev# touch /VERY_SECRET
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt proc
root run sbin srv sys tmp usr var VERY_SECRET
debdev# apt-get clean
debdev# ls /
bin boot dev etc home lib lib64 lock lost+found media mnt opt proc
root run sbin srv sys tmp usr var VERY_SECRET
expected result, BUT BUT BUT its not a good idea at all :
debdev# cat /etc/apt/apt.conf
Dir::Cache /dev/null;
Dir::Cache::archives /dev/null;
debdev# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jul 2 20:11 /dev/null
debdev# apt-get install libcaca
Reading package lists... Error!
E: Write error - write (28: No space left on device)
E: Can't mmap an empty file
E: Failed to truncate file - ftruncate (9: Bad file descriptor)
E: The package lists or status file could not be parsed or opened.
debdev# ls -l /dev/null
-rw-r--r-- 1 root root 0 Jul 2 20:17 /dev/null
debdev# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/debdev-root 95G 5.0G 85G 6% /
udev 10M 10M 0 100% /dev
tmpfs202M 200K 201M 1% /run
tmpfs5.0M 0 5.0M 0% /run/lock
tmpfs403M 0 403M 0% /run/shm
/dev/sda1228M 80M 137M 37% /boot
none 4.0K 0 4.0K 0% /sys/fs/cgroup
and finally with attached patch (built without make test because it has other
side-effects):
debdev# cat /etc/apt/apt.conf
Dir::Cache ;
Dir::Cache::archives ;
debdev# touch /MYTRALALA
debdev# ls /
bin dev home lib64 lost+found mntopt root sbin sys usr
boot etc lib lock media MYTRALALA proc run srv tmp var
debdev# apt-get clean
E: Ignored empty string directory configuration (would have been expanded to
'/' otherwise)
debdev# ls /
bin dev home lib64 lost+found mntopt root sbin sys usr
boot etc lib lock media MYTRALALA proc run srv tmp var
diff --git a/apt-pkg/contrib/configuration.cc b/apt-pkg/contrib/configuration.cc
index 00f6ad0..3dd63aa 100644
--- a/apt-pkg/contrib/configuration.cc
+++ b/apt-pkg/contrib/configuration.cc
@@ -240,6 +240,11 @@ string Configuration::FindFile(const char *Name,const char *Default) const
string Configuration::FindDir(const char *Name,const char *Default) const
{
string Res = FindFile(Name,Default);
+ if (Res == )
+ {
+ _error-Error(_(Ignored empty string directory configuration (would have been expanded to '/' otherwise)));
+ return Res;
+ }
if (Res.end()[-1] != '/')
{
size_t const found = Res.rfind(/dev/null);
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fcbf20d..e30898c 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -607,8 +607,8 @@ DPkg::Pre-Install-Pkgs {/usr/sbin/dpkg-preconfigure --apt;};
paraliteralDir::Cache/literal contains locations pertaining to local cache
information, such as the two package caches literalsrcpkgcache/literal and
literalpkgcache/literal as well as the location to place downloaded archives,
- literalDir::Cache::archives/literal. Generation of caches can be turned off
- by setting their names to the empty string. This will slow down startup but
+ literalDir::Cache::archives/literal. Generation of caches CANNOT BE TURNED OFF.
+ This would slow down startup but could
save disk space. It is probably preferable to turn off the pkgcache rather
than the srcpkgcache. Like literalDir::State/literal the default
directory is contained in literalDir::Cache/literal/para
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Wed, 2014-07-02 at 21:41 +0200, Cédric Barboiron wrote: Setting Dir::Cache::archives and Dir::Cache to the empty string (as instructed by man 5 apt.conf) do NOT disable cache but set it to '/'. fwiw, I believe you're misreading apt.conf(5). Generation of caches can be turned off by setting their names to the empty string. This will slow down startup but save disk space. It is probably preferable to turn off the pkgcache rather than the srcpkgcache. Dir::Cache is *not* their names, nor is Dir::Cache::Archives. apt-config dump suggests that the text in question applies to: Dir::Cache::srcpkgcache srcpkgcache.bin; Dir::Cache::pkgcache pkgcache.bin; Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
