Bug#990766: marked as done (unblock: kakoune/2020.01.16-3)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 6 Jul 2021 22:13:20 +0200
with message-id <YOS5YPerM3Kgh1ay@ramacher.at>
and subject line Re: Bug#990766: unblock: kakoune/2020.01.16-3
has caused the Debian Bug report #990766,
regarding unblock: kakoune/2020.01.16-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990766: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990766
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: kakoune/2020.01.16-3
• From: Peter Pentchev <roam@ringlet.net>
• Date: Tue, 6 Jul 2021 17:11:54 +0300
• Message-id: <[🔎] 162558065400.4009475.6535691684952241541.reportbug@straylight.m.ringlet.net>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package kakoune to fix a grave bug that makes it
unusable if it is started via "su" before being started from
a normal user account.

[ Reason ]
See #990635 for more information: if, after the system has been
restarted, kakoune is invoked via "su" before it has been invoked
from the session user's account, it will create its runtime
/run/user/<uid>/kakoune directory owned by root. This will prevent
later instances of kakoune, started with normal user rights, from
running at all.

[ Impact ]
If the user runs `su -c 'kak ...'` before running `kak ...`, they
will be unable to run `kak ...` until they remove the runtime
directory or the system is restarted.

[ Tests ]
None.

[ Risks ]
Leaf package, not widely used. The upstream fix is pretty
straightforward - check user IDs, verify directory ownership,
use a different directory if necessary. Hopefully very low risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock kakoune/2020.01.16-3

diff -Nru kakoune-2020.01.16/debian/changelog kakoune-2020.01.16/debian/changelog
--- kakoune-2020.01.16/debian/changelog	2020-07-26 01:56:44.000000000 +0300
+++ kakoune-2020.01.16/debian/changelog	2021-07-05 22:15:28.000000000 +0300
@@ -1,3 +1,12 @@
+kakoune (2020.01.16-3) unstable; urgency=medium
+
+  * Add the 13-upstream-check-dir-owner and 14-upstream-rework-dir-logic
+    patches from the upstream Git repository to stop kakoune started as
+    root from making its runtime directory inaccessible to the normal
+    user account of the session user. Closes: #990635
+
+ -- Peter Pentchev <roam@debian.org>  Mon, 05 Jul 2021 22:15:28 +0300
+
 kakoune (2020.01.16-2) unstable; urgency=medium
 
   * Add some files to debian/clean to allow kakoune to be built twice in
diff -Nru kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch
--- kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch	1970-01-01 02:00:00.000000000 +0200
+++ kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch	2021-07-05 22:05:35.000000000 +0300
@@ -0,0 +1,22 @@
+Description: Check XDG_RUNTIME_DIR owner before creating session directory
+ This avoids an issue when using `su` and running Kakoune which creates
+ a session directory owned by root and prevents the user from creating
+ more sessions.
+Origin: upstream; https://github.com/mawww/kakoune/commit/7751c7e188bfc7b2f7e4a70e33032677d84597e5
+Author: Maxime Coste <mawww@kakoune.org>
+Bug-Debian: https://bugs.debian.org/990635
+Last-Update: 2021-07-05
+
+--- a/src/remote.cc
++++ b/src/remote.cc
+@@ -554,6 +554,10 @@
+         // set sticky bit on the shared kakoune directory
+         make_directory(format("{}/kakoune", tmpdir()), 01777);
+     }
++    else if (struct stat st;
++             stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid != geteuid())
++        throw runtime_error("XDG_RUNTIME_DIR is not owned by current user");
++
+     make_directory(session_directory(), 0711);
+ }
+ 
diff -Nru kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch
--- kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch	1970-01-01 02:00:00.000000000 +0200
+++ kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch	2021-07-05 22:15:28.000000000 +0300
@@ -0,0 +1,77 @@
+Description: Rework session directory logic
+ Do not use a shared kakoune/ directory for all users to avoid the
+ complexity of having to set the sticky bit on that dir, resolve the
+ session directory only once by using a static variable and an
+ immediately evaluated lambda.
+ .
+ This fixes an annoyance whenever using `su` and having Kakoune refuse
+ to start due to XDG_RUNTIME_DIR still being set.
+Origin: upstream; https://github.com/mawww/kakoune/commit/db9ef82398a08bdf985ff26bfb230fb0cd1221a5
+Author: Maxime Coste <mawww@kakoune.org>
+Bug-Debian: https://bugs.debian.org/990635
+Last-Update: 2021-07-05
+
+--- a/src/remote.cc
++++ b/src/remote.cc
+@@ -537,28 +537,20 @@
+     return getenv("USER");
+ }
+ 
+-String session_directory()
++const String& session_directory()
+ {
+-    StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
+-    if (xdg_runtime_dir.empty())
+-        return format("{}/kakoune/{}", tmpdir(), get_user_name());
+-    else
+-        return format("{}/kakoune", xdg_runtime_dir);
+-}
+-
+-void make_session_directory()
+-{
+-    StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
+-    if (xdg_runtime_dir.empty())
+-    {
+-        // set sticky bit on the shared kakoune directory
+-        make_directory(format("{}/kakoune", tmpdir()), 01777);
+-    }
+-    else if (struct stat st;
+-             stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid != geteuid())
+-        throw runtime_error("XDG_RUNTIME_DIR is not owned by current user");
+-
+-    make_directory(session_directory(), 0711);
++    static String session_dir = [] {
++        StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
++        if (not xdg_runtime_dir.empty())
++        {
++            if (struct stat st; stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid == geteuid())
++                return format("{}/kakoune", xdg_runtime_dir);
++            else
++                write_to_debug_buffer("XDG_RUNTIME_DIR does not exist or not owned by current user, using tmpdir");
++        }
++        return format("{}/kakoune-{}", tmpdir(), get_user_name());
++    }();
++    return session_dir;
+ }
+ 
+ String session_path(StringView session)
+@@ -808,7 +800,7 @@
+     fcntl(listen_sock, F_SETFD, FD_CLOEXEC);
+     sockaddr_un addr = session_addr(m_session);
+ 
+-    make_session_directory();
++    make_directory(session_directory(), 0711);
+ 
+     // Do not give any access to the socket to other users by default
+     auto old_mask = umask(0077);
+--- a/src/remote.hh
++++ b/src/remote.hh
+@@ -45,7 +45,7 @@
+ 
+ void send_command(StringView session, StringView command);
+ String get_user_name();
+-String session_directory();
++const String& session_directory();
+ String session_path(StringView session);
+ 
+ struct Server : public Singleton<Server>
diff -Nru kakoune-2020.01.16/debian/patches/series kakoune-2020.01.16/debian/patches/series
--- kakoune-2020.01.16/debian/patches/series	2020-07-26 00:53:08.000000000 +0300
+++ kakoune-2020.01.16/debian/patches/series	2021-07-05 20:54:47.000000000 +0300
@@ -8,3 +8,5 @@
 10-upstream-empty-strings.patch
 11-upstream-deleted-line.patch
 12-upstream-empty-register.patch
+13-upstream-check-dir-owner.patch
+14-upstream-rework-dir-logic.patch

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: Peter Pentchev <roam@ringlet.net>, 990766-done@bugs.debian.org
• Subject: Re: Bug#990766: unblock: kakoune/2020.01.16-3
• From: Sebastian Ramacher <sramacher@debian.org>
• Date: Tue, 6 Jul 2021 22:13:20 +0200
• Message-id: <YOS5YPerM3Kgh1ay@ramacher.at>
• In-reply-to: <[🔎] 162558065400.4009475.6535691684952241541.reportbug@straylight.m.ringlet.net>
• References: <[🔎] 162558065400.4009475.6535691684952241541.reportbug@straylight.m.ringlet.net>

On 2021-07-06 17:11:54 +0300, Peter Pentchev wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package kakoune to fix a grave bug that makes it
> unusable if it is started via "su" before being started from
> a normal user account.
> 
> [ Reason ]
> See #990635 for more information: if, after the system has been
> restarted, kakoune is invoked via "su" before it has been invoked
> from the session user's account, it will create its runtime
> /run/user/<uid>/kakoune directory owned by root. This will prevent
> later instances of kakoune, started with normal user rights, from
> running at all.
> 
> [ Impact ]
> If the user runs `su -c 'kak ...'` before running `kak ...`, they
> will be unable to run `kak ...` until they remove the runtime
> directory or the system is restarted.
> 
> [ Tests ]
> None.
> 
> [ Risks ]
> Leaf package, not widely used. The upstream fix is pretty
> straightforward - check user IDs, verify directory ownership,
> use a different directory if necessary. Hopefully very low risk.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> unblock kakoune/2020.01.16-3

Aged to 7 days since the package has successful autopkgtests.

Cheers


> diff -Nru kakoune-2020.01.16/debian/changelog kakoune-2020.01.16/debian/changelog
> --- kakoune-2020.01.16/debian/changelog	2020-07-26 01:56:44.000000000 +0300
> +++ kakoune-2020.01.16/debian/changelog	2021-07-05 22:15:28.000000000 +0300
> @@ -1,3 +1,12 @@
> +kakoune (2020.01.16-3) unstable; urgency=medium
> +
> +  * Add the 13-upstream-check-dir-owner and 14-upstream-rework-dir-logic
> +    patches from the upstream Git repository to stop kakoune started as
> +    root from making its runtime directory inaccessible to the normal
> +    user account of the session user. Closes: #990635
> +
> + -- Peter Pentchev <roam@debian.org>  Mon, 05 Jul 2021 22:15:28 +0300
> +
>  kakoune (2020.01.16-2) unstable; urgency=medium
>  
>    * Add some files to debian/clean to allow kakoune to be built twice in
> diff -Nru kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch
> --- kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch	1970-01-01 02:00:00.000000000 +0200
> +++ kakoune-2020.01.16/debian/patches/13-upstream-check-dir-owner.patch	2021-07-05 22:05:35.000000000 +0300
> @@ -0,0 +1,22 @@
> +Description: Check XDG_RUNTIME_DIR owner before creating session directory
> + This avoids an issue when using `su` and running Kakoune which creates
> + a session directory owned by root and prevents the user from creating
> + more sessions.
> +Origin: upstream; https://github.com/mawww/kakoune/commit/7751c7e188bfc7b2f7e4a70e33032677d84597e5
> +Author: Maxime Coste <mawww@kakoune.org>
> +Bug-Debian: https://bugs.debian.org/990635
> +Last-Update: 2021-07-05
> +
> +--- a/src/remote.cc
> ++++ b/src/remote.cc
> +@@ -554,6 +554,10 @@
> +         // set sticky bit on the shared kakoune directory
> +         make_directory(format("{}/kakoune", tmpdir()), 01777);
> +     }
> ++    else if (struct stat st;
> ++             stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid != geteuid())
> ++        throw runtime_error("XDG_RUNTIME_DIR is not owned by current user");
> ++
> +     make_directory(session_directory(), 0711);
> + }
> + 
> diff -Nru kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch
> --- kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch	1970-01-01 02:00:00.000000000 +0200
> +++ kakoune-2020.01.16/debian/patches/14-upstream-rework-dir-logic.patch	2021-07-05 22:15:28.000000000 +0300
> @@ -0,0 +1,77 @@
> +Description: Rework session directory logic
> + Do not use a shared kakoune/ directory for all users to avoid the
> + complexity of having to set the sticky bit on that dir, resolve the
> + session directory only once by using a static variable and an
> + immediately evaluated lambda.
> + .
> + This fixes an annoyance whenever using `su` and having Kakoune refuse
> + to start due to XDG_RUNTIME_DIR still being set.
> +Origin: upstream; https://github.com/mawww/kakoune/commit/db9ef82398a08bdf985ff26bfb230fb0cd1221a5
> +Author: Maxime Coste <mawww@kakoune.org>
> +Bug-Debian: https://bugs.debian.org/990635
> +Last-Update: 2021-07-05
> +
> +--- a/src/remote.cc
> ++++ b/src/remote.cc
> +@@ -537,28 +537,20 @@
> +     return getenv("USER");
> + }
> + 
> +-String session_directory()
> ++const String& session_directory()
> + {
> +-    StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
> +-    if (xdg_runtime_dir.empty())
> +-        return format("{}/kakoune/{}", tmpdir(), get_user_name());
> +-    else
> +-        return format("{}/kakoune", xdg_runtime_dir);
> +-}
> +-
> +-void make_session_directory()
> +-{
> +-    StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
> +-    if (xdg_runtime_dir.empty())
> +-    {
> +-        // set sticky bit on the shared kakoune directory
> +-        make_directory(format("{}/kakoune", tmpdir()), 01777);
> +-    }
> +-    else if (struct stat st;
> +-             stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid != geteuid())
> +-        throw runtime_error("XDG_RUNTIME_DIR is not owned by current user");
> +-
> +-    make_directory(session_directory(), 0711);
> ++    static String session_dir = [] {
> ++        StringView xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
> ++        if (not xdg_runtime_dir.empty())
> ++        {
> ++            if (struct stat st; stat(xdg_runtime_dir.zstr(), &st) == 0 && st.st_uid == geteuid())
> ++                return format("{}/kakoune", xdg_runtime_dir);
> ++            else
> ++                write_to_debug_buffer("XDG_RUNTIME_DIR does not exist or not owned by current user, using tmpdir");
> ++        }
> ++        return format("{}/kakoune-{}", tmpdir(), get_user_name());
> ++    }();
> ++    return session_dir;
> + }
> + 
> + String session_path(StringView session)
> +@@ -808,7 +800,7 @@
> +     fcntl(listen_sock, F_SETFD, FD_CLOEXEC);
> +     sockaddr_un addr = session_addr(m_session);
> + 
> +-    make_session_directory();
> ++    make_directory(session_directory(), 0711);
> + 
> +     // Do not give any access to the socket to other users by default
> +     auto old_mask = umask(0077);
> +--- a/src/remote.hh
> ++++ b/src/remote.hh
> +@@ -45,7 +45,7 @@
> + 
> + void send_command(StringView session, StringView command);
> + String get_user_name();
> +-String session_directory();
> ++const String& session_directory();
> + String session_path(StringView session);
> + 
> + struct Server : public Singleton<Server>
> diff -Nru kakoune-2020.01.16/debian/patches/series kakoune-2020.01.16/debian/patches/series
> --- kakoune-2020.01.16/debian/patches/series	2020-07-26 00:53:08.000000000 +0300
> +++ kakoune-2020.01.16/debian/patches/series	2021-07-05 20:54:47.000000000 +0300
> @@ -8,3 +8,5 @@
>  10-upstream-empty-strings.patch
>  11-upstream-deleted-line.patch
>  12-upstream-empty-register.patch
> +13-upstream-check-dir-owner.patch
> +14-upstream-rework-dir-logic.patch




-- 
Sebastian Ramacher

Attachment: signature.asc
Description: PGP signature

--- End Message ---