ubuntu-kernel-tests

ubuntu_qrt_* failed on clouds with "repository owned by someone else"

Bug #1968961 reported by Po-Hsu Lin on 2022-04-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ubuntu-kernel-tests	Fix Released	Undecided	Unassigned

Bug Description

Issue found on this cycle, sru-20220321, with:
  * I-gcp
  * F-gcp
  * B-azure-5.4
  * B-azure-fips

Test failed with:
Running 'mv /home/ubuntu/qa-regression-testing .'
fatal: unsafe repository ('/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_aslr_collisions/src/qa-regression-testing' is owned by someone else)

As this is not affecting all the clouds, I think it might be something to our infrastructure that host this qa-regression-testing repo.

Tags:

CVE References

2022-24765

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-14:

On Azure,
It's because of the qa-regression directory was owned by azure, but the test was executed as root.
I wonder why we don't have this issue in the past.

Revision history for this message

Dimitri John Ledkov (xnox) wrote on 2022-04-14:

I think it's a git CVE.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-14 (last edit on 2022-04-14):

Ah ok, so a patch to our tool is a must then.
No wonder it's failing overnight.
Thanks for the info!

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-15:

Patch applied and pushed.

The aforementioned security issue is CVE-2022-24765 https://<email address hidden>/

Changed in ubuntu-kernel-tests:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.