| 2020-05-27 19:35:37 |
Dimitri John Ledkov |
bug |
|
|
added bug |
| 2020-05-27 19:35:49 |
Dimitri John Ledkov |
bug task added |
|
livecd-rootfs (Ubuntu) |
|
| 2020-05-27 20:18:12 |
Dimitri John Ledkov |
description |
Previously we decided that ESP should be mounted with umask=0077
See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition |
|
| 2020-05-27 21:20:04 |
Dimitri John Ledkov |
description |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from. |
|
| 2020-05-27 21:20:10 |
Dimitri John Ledkov |
bug task added |
|
ubiquity (Ubuntu) |
|
| 2020-05-27 21:24:48 |
Dimitri John Ledkov |
description |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from. |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount |
|
| 2020-05-27 21:28:52 |
Dimitri John Ledkov |
bug task added |
|
subiquity |
|
| 2020-05-27 21:29:35 |
Dimitri John Ledkov |
description |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount
I think subiquity is affected, as it does not set "options: 'umask=0077'" on the /boot/efi mount in the storage specification. |
|
| 2020-06-17 09:25:05 |
Michael Hudson-Doyle |
tags |
|
easy |
|
| 2020-08-14 17:02:31 |
Julian Andres Klode |
bug task added |
|
grub2 (Ubuntu) |
|
| 2021-03-02 14:23:10 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/398356 |
|
| 2021-03-03 02:25:27 |
Launchpad Janitor |
livecd-rootfs (Ubuntu): status |
New |
Fix Released |
|
| 2021-03-03 03:44:07 |
Dimitri John Ledkov |
information type |
Private Security |
Public Security |
|
| 2021-03-17 16:25:29 |
Gauthier Jolly |
description |
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount
I think subiquity is affected, as it does not set "options: 'umask=0077'" on the /boot/efi mount in the storage specification. |
[Impact]
* For the affected images`, the ESP is currently mounted with default (0755) permissions. This means anyone can read the ESP partition. This can cause security issues as sensitive data might be put in this partition[0]
[Test Plan]
* Build an uefi image from the ubuntu-cpc project in livecd-rootfs
* Launch in KVM
* Check `/etc/fstab` content
* Check that mount options are reflected in 'mount' command output
* Ensure a non-root user can not access /boot/efi
[Where problems could occur]
* Some users can have automation in place change the mount options. This change might break their automation. However, because this change is only related to the ESP partition, I don't think a lot of users would want to change the default settings.
* All use cases requiring non-root user to read from this file system will be broken. However, given the content of this filesystem, this scenario is unlikely and the security benefits should justify this risk.
[original description]
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount
I think subiquity is affected, as it does not set "options: 'umask=0077'" on the /boot/efi mount in the storage specification.
[0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 |
|
| 2021-03-17 16:25:39 |
Gauthier Jolly |
description |
[Impact]
* For the affected images`, the ESP is currently mounted with default (0755) permissions. This means anyone can read the ESP partition. This can cause security issues as sensitive data might be put in this partition[0]
[Test Plan]
* Build an uefi image from the ubuntu-cpc project in livecd-rootfs
* Launch in KVM
* Check `/etc/fstab` content
* Check that mount options are reflected in 'mount' command output
* Ensure a non-root user can not access /boot/efi
[Where problems could occur]
* Some users can have automation in place change the mount options. This change might break their automation. However, because this change is only related to the ESP partition, I don't think a lot of users would want to change the default settings.
* All use cases requiring non-root user to read from this file system will be broken. However, given the content of this filesystem, this scenario is unlikely and the security benefits should justify this risk.
[original description]
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount
I think subiquity is affected, as it does not set "options: 'umask=0077'" on the /boot/efi mount in the storage specification.
[0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 |
[Impact]
* For the affected images, the ESP is currently mounted with default (0755) permissions. This means anyone can read the ESP partition. This can cause security issues as sensitive data might be put in this partition[0]
[Test Plan]
* Build an uefi image from the ubuntu-cpc project in livecd-rootfs
* Launch in KVM
* Check `/etc/fstab` content
* Check that mount options are reflected in 'mount' command output
* Ensure a non-root user can not access /boot/efi
[Where problems could occur]
* Some users can have automation in place change the mount options. This change might break their automation. However, because this change is only related to the ESP partition, I don't think a lot of users would want to change the default settings.
* All use cases requiring non-root user to read from this file system will be broken. However, given the content of this filesystem, this scenario is unlikely and the security benefits should justify this risk.
[original description]
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults" for the ESP partition
also zsys setup in ubiquity does weird explicit umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP mount
I think subiquity is affected, as it does not set "options: 'umask=0077'" on the /boot/efi mount in the storage specification.
[0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 |
|
| 2021-03-17 17:28:46 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/399805 |
|
| 2021-03-17 17:29:33 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/399806 |
|
| 2021-03-18 10:20:53 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/399845 |
|
| 2021-03-18 10:22:05 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/399846 |
|
| 2021-03-18 10:22:47 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~gjolly/livecd-rootfs/+git/livecd-rootfs/+merge/399847 |
|
| 2021-04-13 15:33:31 |
Brian Murray |
livecd-rootfs (Ubuntu Groovy): status |
New |
Fix Committed |
|
| 2021-04-13 15:33:33 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-04-13 15:33:35 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2021-04-13 15:33:39 |
Brian Murray |
tags |
easy |
easy verification-needed verification-needed-groovy |
|
| 2021-04-13 15:37:47 |
Brian Murray |
livecd-rootfs (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2021-04-13 15:37:52 |
Brian Murray |
tags |
easy verification-needed verification-needed-groovy |
easy verification-needed verification-needed-focal verification-needed-groovy |
|
| 2021-04-13 15:40:23 |
Brian Murray |
livecd-rootfs (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2021-04-13 15:40:29 |
Brian Murray |
tags |
easy verification-needed verification-needed-focal verification-needed-groovy |
easy verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
|
| 2021-04-13 15:56:18 |
Brian Murray |
livecd-rootfs (Ubuntu Xenial): status |
New |
Fix Committed |
|
| 2021-04-13 15:56:24 |
Brian Murray |
tags |
easy verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
easy verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy verification-needed-xenial |
|
| 2021-04-26 05:44:42 |
Mathew Hodson |
bug |
|
|
added subscriber Mathew Hodson |
| 2021-04-27 13:37:56 |
Gauthier Jolly |
tags |
easy verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy verification-needed-xenial |
easy verification-done-focal verification-done-groovy verification-done-xenial verification-needed verification-needed-bionic |
|
| 2021-04-27 15:52:13 |
Gauthier Jolly |
tags |
easy verification-done-focal verification-done-groovy verification-done-xenial verification-needed verification-needed-bionic |
easy verification-done verification-done-bionic verification-done-focal verification-done-groovy verification-done-xenial |
|
| 2021-04-27 18:13:29 |
Launchpad Janitor |
livecd-rootfs (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2021-04-27 18:13:33 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2021-04-27 18:14:07 |
Launchpad Janitor |
livecd-rootfs (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2021-04-27 18:14:26 |
Launchpad Janitor |
livecd-rootfs (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-04-27 18:14:41 |
Launchpad Janitor |
livecd-rootfs (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
