Pithos does not start (due to permission error)

Bug #667896 reported by josefnpat on 2010-10-28
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Pithos
Fix Released
High
Unassigned

Bug Description

VERSION:
Newest ppa Pithos with ubuntu 10.4 64bit.

PROBLEM:
When permissions on pre-existing /tmp/pithos.debug.log do not belong to current user, pithos will not start. Using an strace, I found:

IOError: [Errno 13] Permission denied: '/tmp/pithos.debug.log'

WORKAROUND:
When one either deletes /tmp/pithos.debug.log, or chown's it to the current user, it fixes the problem.

HOW TO REPRODUCE:
It can be done one of two ways. Either change the owner of the /tmp/pithos.debug.log file, and start pithos, or mode from a user standpoint:
1) Start a second ubuntu account
2) Run pithos (init /tmp/pithos.debug.log with different permissions)
3) Change accounts
4) Attempt to run pithos.

SUGGESTIONS ON FIXING:
Make each debug.log unique to each user of pithos. Just attempting to clean up the data on Pithos closing is inadequate due to the fact that pithos can be killall'd.

Hope this helps, big respect to Pithos software. Finally got me listening to Pandora again!

Related branches

CVE References

josefnpat (josefnpat) wrote :
Changed in pithos:
status: New → Confirmed
importance: Undecided → High
Luke Faraone (lfaraone) wrote :

Btw, having predictable filenames in /tmp/ can be *really* bad.

Attack vector: Mallory links /tmp/pithos.debug.log to ~/.gnupg/secring.gpg. If Pithos doesn't do a lot of checking, it'll overwrite your secret key on start.

I'd use tempfile.mkstemp(prefix="pithos-debug-", suffix=".log"), or store logs in a subdirectory of ~.

security vulnerability: no → yes
Kevin Mehall (kevin-mehall) wrote :

I'm just going to ditch the debug log mechanism by default. It's not even useful for reporting bugs because it contains your Pandora password, so it can't be posted publicly. Yes, that's another security issue with that file on a multi-user system.

Ideally, Pithos should store debug data in memory, and if Pandora sends a weird error, it could (with the user's permission) remove private info from the log and post it to launchpad or my server.

Changed in pithos:
status: Confirmed → In Progress
Changed in pithos:
status: In Progress → Fix Committed
Changed in pithos:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers