Bug#818628: apt: apt search/show command, segfault if the user does not have permission to read sources.list
Control: tag -1 confirmed
On Fri, Mar 18, 2016 at 09:23:40PM +0100, Alfredo Finelli wrote:
> Package: apt
> Version: 1.2.7
> Severity: normal
>
> The /usr/bin/apt command causes a segmentation fault by list/search/show if the
> user running it does not have the necessary permissions to read the
> sources.list files. The bug can be reproduced in the following way:
>
> # ls -l /etc/apt/sources.list.d/
> total 4
> -rw-r--r-- 1 root root 343 Jan 21 11:33 all.sources
> # chmod 0640 /etc/apt/sources.list.d/all.sources
> # ls -l /etc/apt/sources.list.d/
> total 4
> -rw-r----- 1 root root 343 Jan 21 11:33 all.sources
>
> Then as a normal non root user:
>
> $ apt search linux-image-amd64
> Segmentation fault
> $ apt show linux-image-amd64
> Segmentation fault
> $
>
> While in that same setting the apt-cache command is able to display an error
> message with no segfault.
>
> $ apt-cache search linux-image-amd64
> E: Could not open file /etc/apt/sources.list.d/all.sources - open (13: Permission denied)
> E: Malformed stanza 1 in source list /etc/apt/sources.list.d/all.sources (type)
> E: The list of sources could not be read.
> W: You may want to run apt-get update to correct these problems
> E: The package cache file is corrupted
> $
>
> Thanks for working on apt, best regards.
Thanks for your bug report. I'm working on this in my bugfix/segfault branch at:
https://github.com/julian-klode/apt/compare/master...julian-klode:bugfix/segfault?expand=1
It turns out that this bug is deep within APT and it might take a few hours of work tomorrow
to fix this :( - The fixes so far cause the tests to segfault AFAICT...
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.
Reply to: