Bazaar

ChrootServer/ChrootTransport not used by "bzr serve"

Bug #400535 reported by Andrew Bennetts
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Bazaar
Fix Released
Critical
Andrew Bennetts
Bazaar 1.17 "so-late-its-brunch"
Nominated for 1.16 by Andrew Bennetts

Bug Description

bzrlib/smart/server.py has a serve_bzr method which is used by "bzr serve". That method has these lines:

    chroot_server = ChrootServer(transport)
    chroot_server.setUp()
    t = get_transport(chroot_server.get_url())

But it then fails to use either chroot_server or t. Instead it runs the server with 'transport', which is generally a file:/// URL.

This may be the cause of bug 398199.

It certainly breaks some trivial uses of bzr serve. A server set up like this:

  $ mkdir /tmp/test-area
  $ cd /tmp/test-area
  $ bzr serve --allow-writes

Will not behave correctly:

  $ bzr --no-plugins init bzr://localhost/some-branch
bzr: ERROR: Server sent an unexpected error: ('error', "An attempt to access a url outside the server jail was made: 'file:///tmp/'.")
HPSS calls: 7 (2 vfs) <bzrlib.smart.medium.SmartTCPClientMedium object at 0x959fbec>

This should be fixed for 1.17.

See original description
Tags: hpss

Related branches

lp:~spiv/bzr/bug-400535
Robert Collins (community): Approve
Diff: 162 lines
Revision history for this message
Andrew Bennetts (spiv) wrote :

I have a fix, tests still to come.

Changed in bzr:
assignee: nobody → Andrew Bennetts (spiv)
status: Confirmed → Fix Committed
Revision history for this message
Andrew Bennetts (spiv) wrote :

It appears that the combination of paranoia in SmartServerRequest.translate_client_path and the server-side jail for BzrDir.open protects us from accidentally allowing clients access to data outside the permitted directory. So this is merely a serious bug that breaks some legitimate functionality, rather than an exploitable security issue. So this bug doesn't need to remain private.

It's also possibly the cause of bug 398199.

description: updated
security vulnerability: yes → no
visibility: private → public
Jonathan Lange (jml)
Changed in bzr:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.