ufw

ufw crashes in wsl2

Bug #2015645 reported by caleb collins-parks
32
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ufw
Fix Released
High
Jamie Strandboge
ufw (Ubuntu)
Fix Released
High
Jamie Strandboge
Focal
Fix Released
High
Jamie Strandboge
Jammy
Fix Released
High
Jamie Strandboge
Lunar
Fix Released
High
Jamie Strandboge
Mantic
Fix Released
High
Jamie Strandboge

Bug Description

[ Impact ]

Currently, ufw is unusable on WSL due to this bug because the get_ppid() function traces back on /proc when the command name has parentheses (like in WSL). get_ppid() is called with 'ufw enable' and so ufw is not able to be enabled on WSL. The upstream patch adjusts get_ppid() for this and adds unit tests for this function.

[ Test Plan ]

Call 'sudo ufw enable' (it should not trace back) and call 'sudo ufw status' to show that it was enabled. Importantly, this is called as part of autopkgtests already.

Furthermore, look in the build logs for:

test_util
...
test_get_ppid (tests.unit.test_util.UtilTestCase)
Test get_ppid() ... ok
test_get_ppid_no_space (tests.unit.test_util.UtilTestCase)
Test get_ppid() no space ... ok
test_get_ppid_with_parens (tests.unit.test_util.UtilTestCase)
Test get_ppid() with parens ... ok
test_get_ppid_with_space (tests.unit.test_util.UtilTestCase)
Test get_ppid() with space ... ok
...
----------------------------------------------------------------------
Ran 49 tests in 0.355s

OK

[ Where problems could occur ]

The risk of regression is considered low since comprehensive unit tests are added for the patched function. Not only is this change in upstream ufw 0.36.2, it is already in Debian Bookworm and Ubuntu Mantic as part of 0.36.2-1.

# Original Description

When I enable systemd in WSL2 (it became supported recently), install ufw, and run sudo ufw enable, I get the error detailed in https://superuser.com/questions/1775776/enabling-ufw-failed-with-ubuntu-from-wsl2. You may already be aware of this error, I'm not sure if "NotTheDr01ds" has talked to you about this yet. Note that the WSL2 /proc/[pid]/stat format, although weird, does comply with the spec: https://man7.org/linux/man-pages/man5/proc.5.html

I verified that you can fix this issue by replacing the first split in line 427 with rsplit(')', 1) so it splits based on the last parenthesis instead of the all parenthesis.

Before:
ppid = open(name).readlines()[0].split(')')[1].split()[1]
After:
ppid = open(name).readlines()[0].rsplit(')',1)[1].split()[1]

C:\Users\caleb>wsl --version
WSL version: 1.1.6.0
Kernel version: 5.15.90.1
WSLg version: 1.0.50
MSRDC version: 1.2.3770
Direct3D version: 1.608.2-61064218
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19045.2728

➜ ufw git:(master) ufw --version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.

➜ ufw git:(master) cat /proc/229/stat | cut -c -23
229 (Relay(230)) S 228

See original description
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for the report!

Changed in ufw:
status: New → Triaged
importance: Undecided → High
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fyi, I plan to cut a ufw release with this fix soon, get it into Debian bookworm, the dev release of Ubuntu and then provide an SRU to (at least) Ubuntu 22.04.

Revision history for this message
Jamie Strandboge (jdstrand) wrote (last edit ):

https://git.launchpad.net/ufw/commit/?id=9f47dbba909cc20caf88cd39094f8596f2d7ed6a

Changed in ufw:
status: Triaged → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
caleb collins-parks (almenon) wrote :

Thanks! :D

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 0.36.2.

Changed in ufw:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Mantic):
status: New → Triaged
Changed in ufw (Ubuntu Jammy):
status: New → Triaged
Changed in ufw (Ubuntu Focal):
status: New → Triaged
Changed in ufw (Ubuntu Mantic):
importance: Undecided → High
Changed in ufw (Ubuntu Jammy):
importance: Undecided → High
Changed in ufw (Ubuntu Focal):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36.2-1

---------------
ufw (0.36.2-1) unstable; urgency=medium

  * New upstream release (LP: #1946804, LP: #1927737, LP: #1927734,
    LP: #2015645, LP: #1996636, LP: #1965462, LP: #1951018, Closes: 1034568,
    Closes: 1034119). Drop the following (included upstream):
    - 0002-fix-copyright.patch
    - 0003-python3-versions.patch
    - 0004-set-default-policy-after-load.patch
  * Remaining changes:
    - 0001-optimize-boot.patch
  * add new debian/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1033758)
  * debian/control:
    - Breaks with iptables-persistent and netfilter-persistent. When ufw is
      installed, it is not enabled by default, so it doesn't interfere with
      other firewall software (until it is enabled). In contrast,
      iptables-persistent and netfilter-persistent install enabled, which
      interferes with ufw. Add a breaks on these to avoid them being
      co-installed with ufw (and causing problems for users).
    - use Python-Version instead of XB-Python-Version
    - remove Depends on obsolete lsb-base
  * ufw.lintian-overrides:
    - update for breaks-without-version iptables-persistent and
      netfilter-persistent
    - update for newer lintian

 -- Jamie Strandboge <email address hidden> Thu, 18 May 2023 14:03:07 +0000

Changed in ufw (Ubuntu Mantic):
status: Triaged → Fix Released
Jamie Strandboge (jdstrand)
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fyi, uploaded to 0.36.1-4ubuntu0.1 and 0.36-6ubuntu1.1 to jammy-proposed and focal-proposed, respectively.

Changed in ufw (Ubuntu Focal):
status: Triaged → In Progress
Changed in ufw (Ubuntu Jammy):
status: Triaged → In Progress
Changed in ufw (Ubuntu Focal):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Jammy):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Mantic):
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Robie Basak (racb) wrote :

It doesn't look like this is fixed in the current stable release (Lunar) and I don't see an SRU upload for this either. What are your plans for Lunar? Please see: https://wiki.ubuntu.com/StableReleaseUpdates#Newer_Releases

If Lunar isn't relevant for WSL and therefore nobody could hit the bug there, then please explain to confirm that.

Changed in ufw (Ubuntu Jammy):
status: In Progress → Incomplete
Changed in ufw (Ubuntu Focal):
status: In Progress → Incomplete
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Robie, https://apps.microsoft.com/store/detail/ubuntu/9PDXGNCFSCZV?hl=en-us&gl=us&rtc=1 seems to indicate that only 22.04.2 is supported. Users have talked about upgrading via the command line to 22.10, but I figured that Lunar was about to EOL and no point in updating it at this time.

Changed in ufw (Ubuntu Focal):
status: Incomplete → In Progress
Changed in ufw (Ubuntu Jammy):
status: Incomplete → In Progress
Revision history for this message
Robie Basak (racb) wrote :

> Users have talked about upgrading via the command line to 22.10, but I figured that Lunar was about to EOL

You mean Kinetic? Lunar has a while left to go. Does that mean that users can upgrade from 22.04 to 23.04 still?

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Oh, I did mean kinetic, yes. Lunar should get an update too (though, as mentioned, that isn't in the Microsoft store it seems).

I'll prepare an upload for Lunar, add a task and put these back to In Progress after.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

> I'll prepare an upload for Lunar, add a task and put these back to In Progress after.

Uploaded 0.36.1-4.1ubuntu0.1 to Lunar.

Changed in ufw (Ubuntu Lunar):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello caleb, or anyone else affected,

Accepted ufw into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ufw/0.36.1-4.1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ufw (Ubuntu Lunar):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-lunar
Changed in ufw (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello caleb, or anyone else affected,

Accepted ufw into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ufw/0.36.1-4ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ufw (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello caleb, or anyone else affected,

Accepted ufw into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ufw/0.36-6ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (ufw/0.36.1-4.1ubuntu0.1)

All autopkgtests for the newly accepted ufw (0.36.1-4.1ubuntu0.1) for lunar have finished running.
The following regressions have been reported in tests triggered by the package:

crmsh/4.4.0-4ubuntu1 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/lunar/update_excuses.html#ufw

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Jamie Strandboge (jdstrand) wrote (last edit ):

For lunar, the crmsh autopkgtest issue was unrelated. I reran the autopkgtest and it passed:
https://autopkgtest.ubuntu.com/results/autopkgtest-lunar/lunar/s390x/c/crmsh/20230725_140910_37cd9@/log.gz

Note that autopkg tests for ufw test various aspects of normal ufw usage, including ufw enable. I also performed the testing for this issue on lunar:

$ apt-cache policy ufw
ufw:
  Installed: 0.36.1-4.1
  Candidate: 0.36.1-4.1
  Version table:
 *** 0.36.1-4.1 500
        500 http://archive.ubuntu.com/ubuntu lunar/main amd64 Packages
        100 /var/lib/dpkg/status

# recreate the WSL2 scenario by having the parent shell contain 'Relay(NNN)'.
# This could be done various ways, but the easiest is to create a script named
# /tmp/Relay(230) to launch ufw:
$ cat <<EOM > "/tmp/Relay(230)"
#!/bin/bash
sudo ufw enable
EOM
$ chmod 755 "/tmp/Relay(230)"

# before the update
$ "/tmp/Relay(230)"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 427, in under_ssh
    ppid = get_ppid(pid)
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 419, in get_ppid
    ppid = open(name).readlines()[0].split(')')[1].split()[1]
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ufw", line 138, in <module>
    not ui.continue_under_ssh():
        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 901, in continue_under_ssh
    if self.backend.do_checks and ufw.util.under_ssh(): # pragma: no cover
                                  ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
           ^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
           ^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
           ^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 434, in under_ssh
    raise ValueError(err_msg)
ValueError: Couldn't find parent pid for '4496'

# after the update

$ cat <<EOF | sudo tee /etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ lunar-proposed restricted main multiverse universe

$ sudo apt-get update && sudo apt-get install ufw/lunar-proposed
...
Setting up ufw (0.36.1-4.1ubuntu0.1) ...

# it now doesn't traceback
$ "/tmp/Relay(230)"
Command may disrupt existing ssh connections. Proceed with operation (y|n)? n
$

tags: added: verification-done-lunar
removed: verification-needed-lunar
Revision history for this message
Jamie Strandboge (jdstrand) wrote (last edit ):

Note that autopkg tests for ufw test various aspects of normal ufw usage, including ufw enable. I also performed the testing for this issue on jammy:

$ apt-cache policy ufw
ufw:
  Installed: 0.36.1-4build1
  Candidate: 0.36.1-4build1
  Version table:
 *** 0.36.1-4build1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

# recreate the WSL2 scenario by having the parent shell contain 'Relay(NNN)'.
# This could be done various ways, but the easiest is to create a script named
# /tmp/Relay(230) to launch ufw:
$ cat <<EOM > "/tmp/Relay(230)"
#!/bin/bash
sudo ufw enable
EOM
$ chmod 755 "/tmp/Relay(230)"

# before the update
$ "/tmp/Relay(230)"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 427, in under_ssh
    ppid = get_ppid(pid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 419, in get_ppid
    ppid = open(name).readlines()[0].split(')')[1].split()[1]
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ufw", line 138, in <module>
    not ui.continue_under_ssh():
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 901, in continue_under_ssh
    if self.backend.do_checks and ufw.util.under_ssh(): # pragma: no cover
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 457, in under_ssh
    return under_ssh(ppid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 434, in under_ssh
    raise ValueError(err_msg)
ValueError: Couldn't find parent pid for '1294'

# after the update

$ cat <<EOF | sudo tee /etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ jammy-proposed restricted main multiverse universe

$ sudo apt-get update && sudo apt-get install ufw/jammy-proposed
...
Setting up ufw (0.36.1-4ubuntu0.1) ...

# it now doesn't traceback
$ "/tmp/Relay(230)"
Command may disrupt existing ssh connections. Proceed with operation (y|n)? n
$

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Note that autopkg tests for ufw test various aspects of normal ufw usage, including ufw enable. I also performed the testing for this issue on focal:

$ apt-cache policy ufw
ufw:
  Installed: 0.36-6ubuntu1
  Candidate: 0.36-6ubuntu1
  Version table:
 *** 0.36-6ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.36-6 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

# recreate the WSL2 scenario by having the parent shell contain 'Relay(NNN)'.
# This could be done various ways, but the easiest is to create a script named
# /tmp/Relay(230) to launch ufw:
$ cat <<EOM > "/tmp/Relay(230)"
#!/bin/bash
sudo ufw enable
EOM
$ chmod 755 "/tmp/Relay(230)"

# before the update
$ "/tmp/Relay(230)"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 444, in under_ssh
    ppid = get_ppid(pid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 434, in get_ppid
    ppid = open(name).readlines()[0].split(')')[1].split()[1]
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ufw", line 138, in <module>
    not ui.continue_under_ssh():
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 900, in continue_under_ssh
    if self.backend.do_checks and ufw.util.under_ssh(): # pragma: no cover
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 474, in under_ssh
    return under_ssh(ppid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 474, in under_ssh
    return under_ssh(ppid)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 451, in under_ssh
    raise ValueError(err_msg)
ValueError: Couldn't find parent pid for '1782'

# after the update

$ cat <<EOF | sudo tee /etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ focal-proposed restricted main multiverse universe

$ sudo apt-get update && sudo apt-get install ufw/focal-proposed
...
Setting up ufw (0.36-6ubuntu1.1) ...

# it now doesn't traceback
$ "/tmp/Relay(230)"
Command may disrupt existing ssh connections. Proceed with operation (

tags: added: verification-done verification-done-focal verification-done-jammy
removed: verification-needed verification-needed-focal verification-needed-jammy
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for ufw has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36-6ubuntu1.1

---------------
ufw (0.36-6ubuntu1.1) focal; urgency=medium

  * 0014-lp2015645.patch: fix for LP: #2015645 (get_ppid() not working on WSL)

 -- Jamie Strandboge <email address hidden> Mon, 17 Jul 2023 14:14:04 +0000

Changed in ufw (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36.1-4ubuntu0.1

---------------
ufw (0.36.1-4ubuntu0.1) jammy; urgency=medium

  * 0005-lp2015645.patch: fix for LP: #2015645 (get_ppid() not working on WSL)

 -- Jamie Strandboge <email address hidden> Mon, 17 Jul 2023 13:55:25 +0000

Changed in ufw (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36.1-4.1ubuntu0.1

---------------
ufw (0.36.1-4.1ubuntu0.1) lunar; urgency=medium

  * 0005-lp2015645.patch: fix for LP: #2015645 (get_ppid() not working on WSL)

 -- Jamie Strandboge <email address hidden> Thu, 20 Jul 2023 12:51:31 +0000

Changed in ufw (Ubuntu Lunar):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.