Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

To: jnqnfe@gmail.com, 953957@bugs.debian.org
Subject: Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 15 Mar 2020 21:37:49 +0000
Message-id: <[🔎] 5352d8d6147605dceab8b32ff17e0ae74079ece2.camel@debian.org>
Reply-to: Luca Boccassi <bluca@debian.org>, 953957@bugs.debian.org
In-reply-to: <[🔎] adc0b2543ea4d8c82793048564130cc1f1beab54.camel@gmail.com>
References: <[🔎] de6f64350a32efd99c88758ac84333b1929bee21.camel@gmail.com> <[🔎] aa5a59b02febd4d0091f6cc90a706cc75fb5f270.camel@debian.org> <[🔎] adc0b2543ea4d8c82793048564130cc1f1beab54.camel@gmail.com> <[🔎] de6f64350a32efd99c88758ac84333b1929bee21.camel@gmail.com>

On Sun, 2020-03-15 at 18:20 +0000, jnqnfe@gmail.com wrote:
> On Sun, 2020-03-15 at 11:34 +0000, Luca Boccassi wrote:
> > The reason I asked for the change and I wasn't comfortable with
> > making
> > the download directory 777 is that live-build is routinely used in
> > automated production systems to create images. I do not want to
> > introduce the risk of a rogue, unprivileged process to be able to
> > mess
> > with the downloaded files after apt has ran, if it's just to fix a
> > harmless warning.
> > 
> > If it can be fixed without introducing risk - great! If not, I
> > would
> > recommend to document it and leave it.
> 
> I hope that my bug report did not make you feel that I was being
> critical of your decision. That is not the case, I very much agree
> with
> whying away from 777. I was just trying to document the details of
> what
> worked and what did not. :)
> 
> FWIW I care greatly about security and as mentioned in the MR, I need
> to refresh my mind (I'll  look it up shortly) as to what protections
> parent directory permissions give to subdirs as I might have been
> mistakenly thinking that the parent having root:root 755 permissions
> would prevent malicious outside access to this directory, but I'm
> probably wrong. (a long time since I last referenced that fundamental
> detail).
> 
> I'm not so sure that we could consider the warning harmless. I would
> expect that apt is warning that it was unable to drop root privileges
> to do verification of the file or something, which means that a
> malicious file from a MITM hijack could trigger a bug if there were
> one
> in apt and gain root privileges rather than user.
> 
> Anyway, I'm getting a little off topic...
> 
> ---
> 
> Regarding the bug itself, I had an epiphany last night which I just
> checked out and confirmed. The problem is simply that we're
> performing
> the chown from the host level whilst running apt-get within the
> chroot,
> and there's no guarantee that the _apt user will have the same UID
> between the two. To fix the problem all we need to do is run chown
> within the chroot environment too, thus actually assigning the
> correct
> UID to the folder.
> 
> I just tested this and it works :D
> I'll post an MR in a moment.

Great, thanks for fixing that - just wanted to ensure all details were
in the bug report

-- 
Kind regards,
Luca Boccassi

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
  - From: jnqnfe@gmail.com
- Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
  - From: Luca Boccassi <bluca@debian.org>
- Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
  - From: jnqnfe@gmail.com

Prev by Date: Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Next by Date: Processed: Bug#953957 marked as pending in live-build
Previous by thread: Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Next by thread: Bug#953957: [live-build] W: Download is performed unsandboxed as root as file '<file>.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Index(es):
- Date
- Thread