QRT failed on test_101_proc_fd_leaks (__main__.KernelSecurityTest)

Bug #1034930 reported by C de-Avillez
This bug affects 1 person

Affects                 Status         Importance   Assigned to   Milestone
QA Regression Testing   Fix Released   Undecided    Unassigned
linux (Ubuntu)          Invalid        Critical     Unassigned

Bug Description

Running SRU tests for Natty 2.6.38-15.65-generic-pae 2.6.38.8, got hit by this failure:

08/08 22:02:52 ERROR|base_utils:0114| [stderr] ======================================================================
08/08 22:02:52 ERROR|base_utils:0114| [stderr] FAIL: test_101_proc_fd_leaks (__main__.KernelSecurityTest)
08/08 22:02:52 ERROR|base_utils:0114| [stderr] /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
08/08 22:02:52 ERROR|base_utils:0114| [stderr] ----------------------------------------------------------------------
08/08 22:02:52 ERROR|base_utils:0114| [stderr] Traceback (most recent call last):
08/08 22:02:52 ERROR|base_utils:0114| [stderr] File "./test-kernel-security.py", line 1411, in test_101_proc_fd_leaks
08/08 22:02:52 ERROR|base_utils:0114| [stderr] self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
08/08 22:02:52 ERROR|base_utils:0114| [stderr] File "/home/ubuntu/autotest/client/tests/qrt/src/scripts/testlib.py", line 950, in assertShellOutputContains
08/08 22:02:52 ERROR|base_utils:0114| [stderr] self.assertTrue(text in out, msg + result + report)
08/08 22:02:52 ERROR|base_utils:0114| [stderr] AssertionError: Got exit code 10. Looking for text " 0x"
08/08 22:02:52 ERROR|base_utils:0114| [stderr] Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py syscall'
08/08 22:02:52 ERROR|base_utils:0114| [stderr] Output:
08/08 22:02:52 ERROR|base_utils:0114| [stderr] (current) UNIX password: passwd: Authentication token manipulation error
08/08 22:02:52 ERROR|base_utils:0114| [stderr] passwd: password unchanged
08/08 22:02:52 ERROR|base_utils:0114| [stderr] Changing password for ubuntu.
08/08 22:02:52 ERROR|base_utils:0114| [stderr]
08/08 22:02:52 ERROR|base_utils:0114| [stderr]
08/08 22:02:52 ERROR|base_utils:0114| [stderr] ----------------------------------------------------------------------
08/08 22:02:52 ERROR|base_utils:0114| [stderr] Ran 51 tests in 19.822s
08/08 22:02:52 ERROR|base_utils:0114| [stderr]
08/08 22:02:52 ERROR|base_utils:0114| [stderr] FAILED (failures=1)

Please note that the invalid opcode trap is bug 1028178; the hanging on ecryptfs tests is tracked by bug 1028112 and bug 1034179. This bug is about the test_101_proc_fd_leaks *only*.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: linux-image-2.6.38-15-generic-pae 2.6.38-15.65
ProcVersionSignature: Ubuntu 2.6.38-15.65-generic-pae 2.6.38.8
Uname: Linux 2.6.38-15-generic-pae i686
AlsaDevices:
 total 0
 crw------- 1 root root 116, 1 2012-08-08 21:46 seq
 crw------- 1 root root 116, 33 2012-08-08 21:46 timer
AplayDevices: Error: [Errno 2] No such file or directory
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
CurrentDmesg:

Date: Thu Aug 9 09:48:28 2012
HibernationDevice: RESUME=UUID=595b8d23-8020-4f55-8902-44811e9695d7
IwConfig: Error: [Errno 2] No such file or directory
MachineType: Dell Inc. PowerEdge R415
PciMultimedia:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.38-15-generic-pae root=UUID=54e84e35-3c04-41a5-812c-ce8431caab51 ro quiet
RelatedPackageVersions:
 linux-restricted-modules-2.6.38-15-generic-pae N/A
 linux-backports-modules-2.6.38-15-generic-pae N/A
 linux-firmware 1.52.4
RfKill: Error: [Errno 2] No such file or directory
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/06/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.6
dmi.board.name: 08WNM9
dmi.board.vendor: Dell Inc.
dmi.board.version: A02
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.6:bd12/06/2011:svnDellInc.:pnPowerEdgeR415:pvr:rvnDellInc.:rn08WNM9:rvrA02:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R415
dmi.sys.vendor: Dell Inc.

C de-Avillez (hggdh2) wrote :
Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: New → Confirmed
C de-Avillez (hggdh2)
tags: added: qa-regression-testing
removed: qa-sru-testing
Luis Henriques (henrix) wrote :

The problem seems to be in the qrt framework code: the test fails to detect that the kernel already contains the fix for CVE-2011-1020 and inverts the test pass/fail criteria. The CVE fix check is done by checking the changelog in /usr/share/doc/linux-image-VERSION/changelog.Debian.gz. The problem is that this file is truncated, and the entry that refers to the CVE fix may be left out.

Here's the code from test-kernel-security.py:
    def test_101_proc_fd_leaks(self):
        ...
        expected = True
        # temporarily unfixed in stable releases...
        if not self.kernel_at_least('3.0'):
            expected = self.kernel_claims_cve_fixed('CVE-2011-1020')
            if not expected:
                self._skipped("not fixed before Oneiric yet")

and the kernel_claims_cve_fixed() implementation, in file testlib.py:
    def kernel_claims_cve_fixed(self, cve):
        changelog = "/usr/share/doc/linux-image-%s/changelog.Debian.gz" % (self.kernel_version)
        if os.path.exists(changelog):
            for line in gzip.open(changelog):
                if cve in line and not "revert" in line and not "Revert" in line:
                    return True
        return False
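
An added example, not part of the comment above and not the QRT project's code: a three-state version of the changelog check that answers "unknown" (None) instead of "not fixed" when the changelog has been trimmed or cannot be read, so a harness can skip rather than invert its pass/fail expectation. The function names, the sample entries and the trim-marker text are assumptions made for this illustration.

```python
import gzip
import os
import re
import tempfile

# Assumption: a trimmed changelog ends with a comment line starting like this.
TRUNCATION_MARKER = "# For older changelog entries"

def changelog_claims_cve_fixed(path, cve):
    """True: fix mentioned; False: full changelog without it; None: cannot tell."""
    if not os.path.exists(path):
        return None
    # Do not let CVE-2011-1020 match inside CVE-2011-10200.
    pattern = re.compile(re.escape(cve) + r"(?!\d)")
    truncated = False
    try:
        with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
            for line in fh:
                if line.startswith(TRUNCATION_MARKER):
                    truncated = True
                elif pattern.search(line) and "revert" not in line.lower():
                    return True
    except (EOFError, OSError):
        return None  # damaged or non-gzip file: no verdict
    return None if truncated else False

def write_sample(text):
    """Write a constructed changelog to a temporary .gz file; return its path."""
    fd, path = tempfile.mkstemp(suffix=".gz")
    with os.fdopen(fd, "wb") as raw:
        raw.write(gzip.compress(text.encode("utf-8")))
    return path

# Constructed sample entries, not taken from a real package changelog.
FULL = "linux (0.0-2) test; urgency=low\n  * proc: protect mm (CVE-2011-1020)\n"
TRIMMED = ("linux (0.0-9) test; urgency=low\n  * unrelated change\n\n"
           + TRUNCATION_MARKER + ", run 'apt-get changelog linux'\n")
NO_FIX = "linux (0.0-1) test; urgency=low\n  * unrelated change\n"
REVERTED = 'linux (0.0-3) test; urgency=low\n  * Revert "fix (CVE-2011-1020)"\n'

def demo():
    """Run the check over the four constructed changelogs."""
    results = []
    for text in (FULL, TRIMMED, NO_FIX, REVERTED):
        path = write_sample(text)
        results.append(changelog_claims_cve_fixed(path, "CVE-2011-1020"))
        os.remove(path)
    return results
```

A caller would treat None as "skip the test with a note" and only expect the unfixed behaviour when the result is False.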

C de-Avillez (hggdh2) wrote :

Given Henriques' comment, I am closing the linux task, and opening a task against QRT; I will also pass the SRU.

Changed in linux (Ubuntu):
status: Confirmed → Invalid
Joseph Salisbury (jsalisbury) wrote :

@Carlos,

Have you run this test against other kernels to see if this bug is limited to Natty?

tags: added: kernel-da-key qa-sru-testing
removed: qa-regression-testing
Joseph Salisbury (jsalisbury) wrote :

Sorry, didn't realize it was already marked as Invalid.

Steve Beattie (sbeattie) wrote :

This was fixed in lp:qa-regression-testing commit 1666, marking closed.

Changed in qa-regression-testing:
status: New → Fix Released