.erlang.cookie overwritten if 20 uppercase characters

Bug #2044248 reported by Markus Rexhepi-Lindberg
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| rabbitmq-server (Debian) | Fix Released | Unknown | | |
| rabbitmq-server (Ubuntu) | Won't Fix | Low | Unassigned | |

Bug Description

The postinst script will overwrite the `/var/lib/rabbitmq/.erlang.cookie` file if it contains exactly 20 uppercase characters.

```sh
# Excerpt from the package postinst: a cookie made of exactly 20 uppercase
# letters is replaced with a fresh random one and the service is restarted.
if grep -q -E '^[A-Z]{20}$' /var/lib/rabbitmq/.erlang.cookie ; then
    OLD_UMASK=$(umask)
    # overwrite the cookie, created with mode 0600 via the temporary umask
    umask 077; openssl rand -base64 -out /var/lib/rabbitmq/.erlang.cookie 42
    umask ${OLD_UMASK}
    # restart only when PID 1 is systemd and the service is currently active
    if [ ""$(ps --no-headers -o comm 1) = "systemd" ] ; then
        if systemctl is-active --quiet rabbitmq-server.service ; then
            systemctl restart rabbitmq-server.service
        fi
    fi
fi
```

The rabbitmq-server service failed to start on one of our nodes in our cluster after the package was upgraded, as the nodes in our cluster happen to share a .erlang.cookie that matches this condition.

This is a dangerous approach which the package should not enforce. If 20 uppercase characters is seen as insecure then the package should instead inform the user of it and not simply overwrite the file.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: rabbitmq-server 3.9.13-1ubuntu0.22.04.2
ProcVersionSignature: Ubuntu 5.15.0-89.99-generic 5.15.126
Uname: Linux 5.15.0-89-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Nov 22 10:21:18 2023
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 SHELL=/bin/bash
SourcePackage: rabbitmq-server
UpgradeStatus: Upgraded to jammy on 2022-12-12 (344 days ago)
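The behaviour the report asks for, as an added example that is not the Debian or Ubuntu postinst: the same 20-uppercase-letter check, but a cookie that matches is only reported and never overwritten, and a cookie is generated only when none exists. The cookie path and the `--check` entry point are assumptions for this example.

```sh
#!/bin/sh
# Added example, not the package postinst: never overwrite an existing
# cookie; report a legacy-shaped one and leave rotation to the operator,
# who can change it on every cluster node at the same time.

# Assumption: same cookie path as in the report.
COOKIE_FILE="${COOKIE_FILE:-/var/lib/rabbitmq/.erlang.cookie}"

# 0 if the file is exactly 20 uppercase ASCII letters (the shape the postinst
# treats as insecure), 1 otherwise.
cookie_is_legacy() {
    grep -q -E '^[A-Z]{20}$' "$1"
}

# Classify a cookie file; prints "missing", "legacy" or "ok".
check_cookie() {
    if [ ! -f "$1" ]; then
        echo missing
    elif cookie_is_legacy "$1"; then
        echo legacy
    else
        echo ok
    fi
}

# Create a cookie only when none exists; mode 0600 via umask, as the postinst
# does. Returns 1 (and changes nothing) if the file is already there.
generate_cookie_if_missing() {
    [ -f "$1" ] && return 1
    old_umask=$(umask)
    umask 077
    openssl rand -base64 -out "$1" 42
    umask "$old_umask"
}

# Package-hook style entry point: generate when missing, warn when legacy,
# never touch a cookie that is already in use.
main() {
    cookie="${1:-$COOKIE_FILE}"
    case "$(check_cookie "$cookie")" in
        missing) generate_cookie_if_missing "$cookie" ;;
        legacy)  printf 'warning: %s matches ^[A-Z]{20}$; rotate it on all cluster nodes (file left unchanged)\n' "$cookie" >&2 ;;
    esac
}

# Run directly as:  sh cookie-check.sh --check [/path/to/.erlang.cookie]
if [ "${1:-}" = "--check" ]; then
    main "${2:-}"
fi
```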

Paride Legovini (paride) wrote :

Hello Markus and thanks for this bug report. If my understanding is correct, the logic currently implemented in the postinst script can cause problems when rabbitmq-server is used in a cluster configuration, with the cookie being a shared secret. If the cookie is replaced by a new random string, the cluster breaks. A "standalone" rabbitmq-server service won't be affected. Is this correct?

The postinst logic comes from the Debian rabbitmq-server package. Ideally this bug should be discussed in Debian with the Debian maintainer of rabbitmq-server, who is the person who wrote [1]. Moreover, fixing the bug in Debian will benefit Debian and all its derivatives (including Ubuntu), without adding extra maintenance work (as an Ubuntu specific fix would do).

Would you be willing to file the bug against the Debian rabbitmq-server (source) package, and add a comment to this bug linking to the Debian bug? See "report bug" in [2].

Thanks!

[1] https://salsa.debian.org/openstack-team/third-party/rabbitmq-server/-/commit/c3c800b60bb7a878d58ea764d8b238e60184eac1
[2] https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;dist=unstable;ordering=normal;repeatmerged=0;src=rabbitmq-server

Changed in rabbitmq-server (Ubuntu):
status: New → Incomplete
Paride Legovini (paride) wrote :

Note: this is relevant only in >= Jammy, as Focal didn't have the cookie replacement logic.

Changed in rabbitmq-server (Ubuntu):
importance: Undecided → Low
Markus Rexhepi-Lindberg (k-markus) wrote :

Hi Paride,

Your understanding is correct and I have, as requested, filed a bug report against the Debian rabbitmq-server package [1].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057077

Paride Legovini (paride) wrote :

Thanks for that. As you probably saw already, the Debian maintainer of the package closed the bug as a wontfix. I think it's unlikely that we're going to deviate from that in Ubuntu, which as a distribution tries more strongly than Debian to avoid upgrade-time prompts blocking the upgrade process.

I am closing this bug as a won't fix, however if you are convinced this issue should be tackled differently, please make your point in a follow-up comment and change the bug status back to New, and we'll rediscuss this.

Thanks!

Changed in rabbitmq-server (Ubuntu):
status: Incomplete → Won't Fix
Changed in rabbitmq-server (Debian):
status: Unknown → Fix Released