[Touch-packages] [Bug 1556302] Re: Ubuntu patch to add HOME to env_keep makes custom commands vulnerable by default

2022-11-22 Thread lolo
** Changed in: ubuntu-release-notes
   Status: Confirmed => Incomplete

** Changed in: sudo (Ubuntu Xenial)
 Assignee: (unassigned) => lolo (lolo2020)

** Changed in: sudo (Ubuntu Bionic)
 Assignee: (unassigned) => lolo (lolo2020)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1556302

Title:
  Ubuntu patch to add HOME to env_keep makes custom commands vulnerable
  by default

Status in Release Notes for Ubuntu:
  Incomplete
Status in sudo package in Ubuntu:
  Fix Released
Status in sudo source package in Xenial:
  In Progress
Status in sudo source package in Bionic:
  In Progress
Status in sudo source package in Cosmic:
  Won't Fix
Status in sudo source package in Disco:
  Won't Fix
Status in sudo source package in Eoan:
  Fix Released

Bug description:
  [impact]

  sudo does not set HOME to the target user's HOME

  [test case]

  ddstreet@thorin:~$ sudo printenv | grep HOME
  HOME=/home/ddstreet

  [regression potential]

  this is a significant behavior change.  As mentioned in comment 11
  (and later, and other bugs duped to this, and the mailing list
  discussion, etc) users of Ubuntu so far have been used to running sudo
  with their own HOME set, not root's HOME.  Therefore, it's
  inappropriate to change this behavior for existing releases; this
  should be changed starting in Eoan, and only the sudo and sudoers man
  pages changed in previous releases to indicate the actual behavior of
  sudo in those releases.

  [other info]

  Shortly after upstream changed the behavior, the patch to keep HOME as
  the calling (instead of target) user was added in bug 760140.

  For quick reference to anyone coming to this bug, the pre-19.10
  behavior (of sudo keeping the calling user's $HOME) can be disabled by
  running 'sudo visudo' and adding this line:

  Defaults always_set_home

  or, run sudo with the -H param.

  --
  original description:
  --

  I wanted to allow certain users to execute a python script as another
  user, so I created the following sudoers config:
  Defaults env_reset
  source_user ALL=(target_user) NOPASSWD: /home/target_user/bin/script.py

  This results in a highly insecure Python environment because the
  source user can set HOME and override any Python package by putting
  files in $HOME/.local/lib/python*/site-packages/.

  This should be a safe configuration because the default behaviour (as
  specified in the man page) is that env_reset will replace HOME with
  the target user's home directory. The "env_reset" option even has
  special behaviour for bash which has its own potential environment
  vulnerabilities.

  However there is an Ubuntu-specific patch in the package
  (keep_home_by_default.patch) that makes sudo preserve HOME by default,
  which negates the correct behaviour of "env_reset". It should not be
  necessary to explicitly specify the "always_set_home" option in order
  to negate this patch.

  The patch should be removed and the default /etc/sudoers should
  explicitly add HOME to "env_keep" for the "allow admins to run any
  command as root" entries, to get the desired behaviour without
  creating security issues for other sudoers commands.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-release-notes/+bug/1556302/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
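
Added example, not part of the original bug report and not sudo's own code: a simplified Python model of how the options discussed in this report (env_reset, env_keep, always_set_home) decide whose HOME a command run through sudo sees. It reads only unscoped Defaults lines; the function name and the `home_in_default_env_keep` flag, which stands in for the Ubuntu patch named in the bug title, are assumptions made for illustration.

```python
import re

# The sudoers fragment from the original description above.
PAGE_CONFIG = """\
Defaults env_reset
source_user ALL=(target_user) NOPASSWD: /home/target_user/bin/script.py
"""

def home_after_sudo(sudoers_text, home_in_default_env_keep):
    """Return 'caller' or 'target': whose HOME a command run via sudo sees.

    home_in_default_env_keep=True models the Ubuntu keep_home_by_default.patch
    (HOME in the built-in env_keep list); False models upstream sudo.
    Simplified: only unscoped 'Defaults' lines are read; include files,
    scoped Defaults (Defaults:user, Defaults!cmd, ...) and -H are ignored.
    """
    env_reset = True            # sudoers default
    always_set_home = False     # sudoers default
    keep_home = home_in_default_env_keep
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"Defaults\s+(.+)$", line)      # unscoped Defaults only
        if not m:
            continue
        for setting in (s.strip() for s in m.group(1).split(",")):
            if setting in ("env_reset", "!env_reset"):
                env_reset = not setting.startswith("!")
            elif setting in ("always_set_home", "!always_set_home"):
                always_set_home = not setting.startswith("!")
            else:
                kv = re.match(r'env_keep\s*(\+=|-=|=)\s*"?([^"]*)"?$', setting)
                if kv:
                    op, names = kv.group(1), kv.group(2).split()
                    if op == "=":                    # list replaced outright
                        keep_home = "HOME" in names
                    elif "HOME" in names:            # += adds, -= removes
                        keep_home = (op == "+=")
    if always_set_home:
        return "target"
    if env_reset and not keep_home:
        return "target"
    return "caller"

if __name__ == "__main__":
    for patched in (True, False):
        print("patch applied:", patched, "->", home_after_sudo(PAGE_CONFIG, patched))
```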


[Touch-packages] [Bug 349469] Re: debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable

2017-07-24 Thread lolo
** Changed in: aptdaemon (Ubuntu)
   Status: Triaged => Incomplete

** Changed in: debconf (Ubuntu)
   Status: Triaged => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/349469

Title:
  debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by
  another process: Resource temporarily unavailable

Status in Aptdaemon:
  Confirmed
Status in Debconf:
  New
Status in aptdaemon package in Ubuntu:
  Incomplete
Status in debconf package in Ubuntu:
  Confirmed

Bug description:
  Upgrading packages that use debconf sometimes fail with the following
  error:

  debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by
  another process: Resource temporarily unavailable

To manage notifications about this bug go to:
https://bugs.launchpad.net/aptdaemon/+bug/349469/+subscriptions



[Touch-packages] [Bug 1133107] Re: Hidden Microsoft ULA when installing Ubuntu Restricted Extras

2017-07-24 Thread lolo
** Changed in: debconf (Ubuntu)
   Status: Confirmed => Incomplete

** Changed in: software-center (Ubuntu)
   Status: Triaged => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/1133107

Title:
  Hidden Microsoft ULA when installing Ubuntu Restricted Extras

Status in debconf package in Ubuntu:
  Incomplete
Status in software-center package in Ubuntu:
  Incomplete

Bug description:
  64-bit  3.8.0-7-generic #15-Ubuntu SMP Thu Feb 21 20:07:18 UTC 2013

  1. Launch Ubuntu Software Center.
  2. Begin installation of Ubuntu Restricted Extras.
  3. Application will appear to hang after a while.
  4. Popup displaying the Microsoft ULA is not being brought to the top so
     the app waits patiently for user input.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/1133107/+subscriptions



[Touch-packages] [Bug 1616107] Re: Kernel oops + system freeze on network-bridge shutdown

2016-09-08 Thread Lolo
and 4.4.20-040420-generic now includes the xenbus bug...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bridge-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1616107

Title:
  Kernel oops + system freeze on network-bridge shutdown

Status in bridge-utils package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed

Bug description:
  A Kernel oops leaves Ubuntu 16.04 unusable when a network bridge is
  brought down on a HPE 530SFP+ 10GBit NIC that uses bnx2x as a driver.
  This error does not appear in Ubuntu 14.04 however.

  The error is reproducible whenever issuing the commands "shutdown",
  "service networking stop" or "brctl delbr br0". Manually creating the
  bridge and subsequently bringing it down results in the same error.

  /var/log/kern.log:
  [...]
  Aug 23 15:09:46 base1 kernel: [  617.996677] device ens1f0 left promiscuous 
mode
  Aug 23 15:09:46 base1 kernel: [  617.996699] br0: port 1(ens1f0) entered 
disabled state
  Aug 23 15:09:46 base1 kernel: [  617.996730] BUG: unable to handle kernel 
NULL pointer dereference at 00d2
  Aug 23 15:09:46 base1 kernel: [  618.008306] IP: [] 
__vlan_flush+0x18/0x60 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.020549] PGD 10374c0067 PUD 1033927067 
PMD 0
  Aug 23 15:09:46 base1 kernel: [  618.032773] Oops: 0002 [#1] SMP
  Aug 23 15:09:46 base1 kernel: [  618.044434] Modules linked in: nls_iso8859_1 
ipmi_ssif intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
kvm irqbypass sb_edac edac_core joydev bridge stp llc input_leds hpilo lpc_ich 
ioatdma ipmi_si ipmi_msghandler shpchp mac_hid acpi_power_meter ib_iser rdma_cm 
iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi 
scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov 
async_memcpy async_pq async_xor async_tx xor raid6_pq raid0 multipath linear 
raid1 hid_generic crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw 
gf128mul glue_helper ablk_helper cryptd igb usbhid hid bnx2x dca ahci 
i2c_algo_bit vxlan libahci ip6_udp_tunnel udp_tunnel ptp pps_core mdio 
libcrc32c wmi fjes
  Aug 23 15:09:46 base1 kernel: [  618.058563] CPU: 3 PID: 4049 Comm: brctl Not 
tainted 4.4.0-34-generic #53-Ubuntu
  Aug 23 15:09:46 base1 kernel: [  618.058564] Hardware name: HP ProLiant DL120 
Gen9/ProLiant DL120 Gen9, BIOS P86 05/05/2016
  Aug 23 15:09:46 base1 kernel: [  618.058574] task: 881030676040 ti: 
8810341e4000 task.ti: 8810341e4000
  Aug 23 15:09:46 base1 kernel: [  618.058576] RIP: 0010:[]  
[] __vlan_flush+0x18/0x60 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058754] RSP: 0018:8810341e7d68  
EFLAGS: 00010206
  Aug 23 15:09:46 base1 kernel: [  618.058769] RAX:  RBX: 
 RCX: 
  Aug 23 15:09:46 base1 kernel: [  618.058774] RDX: 881038470848 RSI: 
 RDI: 
  Aug 23 15:09:46 base1 kernel: [  618.058775] RBP: 8810341e7d78 R08: 
 R09: 8170d949
  Aug 23 15:09:46 base1 kernel: [  618.058776] R10: ead61340 R11: 
8810329d2c00 R12: 00c0
  Aug 23 15:09:46 base1 kernel: [  618.058777] R13: 881030044000 R14: 
881038470840 R15: 
  Aug 23 15:09:46 base1 kernel: [  618.058782] FS:  7f9aebc94700() 
GS:88107fcc() knlGS:
  Aug 23 15:09:46 base1 kernel: [  618.058789] CS:  0010 DS:  ES:  CR0: 
80050033
  Aug 23 15:09:46 base1 kernel: [  618.058790] CR2: 00d2 CR3: 
00102fe83000 CR4: 001406e0
  Aug 23 15:09:46 base1 kernel: [  618.058802] Stack:
  Aug 23 15:09:46 base1 kernel: [  618.058806]   
8810356a4c00 8810341e7d98 c0489258
  Aug 23 15:09:46 base1 kernel: [  618.058822]  8810356a4c00 
881038470840 8810341e7dc0 c0479bd8
  Aug 23 15:09:46 base1 kernel: [  618.058825]  881038470838 
881038470848 88103847 8810341e7df8
  Aug 23 15:09:46 base1 kernel: [  618.058827] Call Trace:
  Aug 23 15:09:46 base1 kernel: [  618.058863]  [] 
nbp_vlan_flush+0x28/0x65 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058870]  [] 
del_nbp+0x98/0x130 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058889]  [] 
br_dev_delete+0x42/0xb0 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058895]  [] 
br_del_bridge+0x4a/0x70 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058911]  [] 
br_ioctl_deviceless_stub+0x153/0x230 [bridge]
  Aug 23 15:09:46 base1 kernel: [  618.058984]  [] ? 
security_file_alloc+0x33/0x50
  Aug 23 15:09:46 base1 kernel: [  618.059095]  [] 
sock_ioctl+0x215/0x290
  Aug 23 15:09:46 base1 kernel: [  618.059121]  [] 
do_vfs_ioctl+0x29f/0x490
  Aug 23 15:09:46 base1 kernel: [  618.059223]  [] ? 
__do_page_fault+0x1b4/0x400
  Aug 23 15:09:46 base1 kernel: [  618.059264]  [] ? 
fd_install+0x25/0x30
  Aug 23 15:09:46 base1 kernel: [  618.059266]  [] 
SyS_ioctl+0x79/0x90
  

[Touch-packages] [Bug 1616107] Re: Kernel oops + system freeze on network-bridge shutdown

2016-09-08 Thread Lolo
4.4.0-38.57 doesn't fix the issue
4.4.20-040420-generic doesn't fix it either
4.7.* are fine but there's a bug with xenbus that renders 4.7.* unusable with 
xen (https://patchwork.kernel.org/patch/9281193/)
4.8rcs are ok
