Ubuntu
networkd-dispatcher package

Permissions problem on run scripts after networkd-dispatcher (1.7-0ubuntu3.4)

Bug #1972667 reported by Roger Cornelius
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
networkd-dispatcher (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

I'm unsure if this is a bug or intended behavior. I posted to answers.launchpad.net but received no helpful replies.

On ubuntu 20.04.4 LTS after install of update “networkd-dispatcher (1.7-0ubuntu3.4)”, scripts in /etc/networkd-dispatcher/routable.d with 700 permissions that used to run as expected, fail to do so. E.g., I have some routing commands in /etc/networkd-dispatcher/routable.d/50-iptables that should execute at boot time but stopped after this update installed, and ‘service networkd-dispatcher status’ returns:

May 07 14:14:49 Krieger networkd-dispatcher[581]: ERROR:invalid permissions on /etc/networkd-dispatcher/routable.d/50-iptables. Expected mode=0o755, uid=0, gid=0; got mode=0o700, uid=0, >

Changing permissions on 50-iptables from 0700 to 0755 corrected the problem.

I've read the Changelog for the update, and the later update “networkd-dispatcher (1.7-0ubuntu3.5)” which corrected a regression has also been applied but the unexpected behavior remains.

Is this less-restrictive permissions requirement an intended result of the update? Is the perms requirement documented anywhere? I don't see it in the networkd-dispatcher man page.

Thank you

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in networkd-dispatcher (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray)
tags: added: focal
tags: added: bionic
removed: focal
tags: added: regression-security
Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

Hi,
Thanks for reporting this bug.

It is the intended result of the update, following the upstream commit below:
 https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
Mainly, the permission checks added in `check_perms()`. The fixed less-restrictive permission seems to be addressed with `st_mode == mode`.

The restriction to 0755 was set with above commit but I also don't see any documentation nor manual guidance, I'm sorry about that.

It seems for me that it was the expected permission of a script as it was expected to be executed, but that proved to be wrong as it was working before. (but I must say that I'm not a networkd-dispatcher expert)

Anyway, I raised this issue with the upstream maintainers:
 https://gitlab.com/craftyguy/networkd-dispatcher/-/issues/66
feel free to comment on there as well. hope to hear back soon

thanks!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.