predictable /tmp names

Bug #1650427 reported by Seth Arnold on 2016-12-16
Affects: Snapcraft
Importance: Medium
Assigned to: Joe Talbott

Bug Description

In bug 1614520 there is some error output:

subprocess.CalledProcessError: Command '['git', '-C', '/tmp/httpsgithub.comjosephtindex-test.git', 'pull', [...]

Using "predictable" names in world writable directories is often a security flaw. I haven't inspected snapcraft close enough to determine if this is an issue. But I'd feel better if snapcraft would use a mechanism based on safer primitives such as Python's mkdtemp() function in order to make a scratch directory in /tmp/:

https://docs.python.org/3/library/tempfile.html#tempfile.mkdtemp

An alternative would be to use a per-user temporary storage location such as ~/tmp/.

Thanks

Kyle Fazzari (kyrofa) wrote :
Changed in snapcraft:
status: New → Confirmed
Changed in snapcraft:
assignee: nobody → Joe Talbott (joetalbott)

The purpose of using predictable directories is to prevent having to
pull entire origins for each part as well as for each parser run. One
common problem the parser encounters is repos that have changed in a
manner that a simple "pull" will cause an error. One way to avoid
this is to have the parser pull origins into a new temporary directory
for each invocation of the parser. This solves both problems at the
cost of a lot of duplicate downloads across parser runs. Thoughts?

Note: this is only the case for the parser which isn't intended for
users to run.

On Thu, Jan 5, 2017 at 7:17 PM, Launchpad Bug Tracker
<email address hidden> wrote:
> *** This bug is a security vulnerability ***
>
> Sergio Schvezov (sergiusens) has assigned this bug to you for Snapcraft:
>
> In bug 1614520 there is some error output:
>
> subprocess.CalledProcessError: Command '['git', '-C', '/tmp/httpsgithub
> .comjosephtindex-test.git', 'pull', [...]
>
> Using "predictable" names in world writable directories is often a
> security flaw. I haven't inspected snapcraft close enough to determine
> if this is an issue. But I'd feel better if snapcraft would use a
> mechanism based on safer primitives such as Python's mkdtemp() function
> in order to make a scratch directory in /tmp/:
>
> https://docs.python.org/3/library/tempfile.html#tempfile.mkdtemp
>
> An alternative would be to use a per-user temporary storage location such
> as ~/tmp/.
>
> Thanks
>
> ** Affects: snapcraft
> Importance: Undecided
> Assignee: Joe Talbott (joetalbott)
> Status: Confirmed
>
> --
> predictable /tmp names
> https://bugs.launchpad.net/bugs/1650427
> You received this bug notification because you are a bug assignee.

Kyle Fazzari (kyrofa) wrote :

If the parser is by design putting things in a predictable location in order to reuse it, and that predictable location is wiped on reboot, shouldn't the parser actually be storing these things somewhere more permanent so it also avoids duplicate downloads across reboots?

On Fri, 6 Jan 2017 19:29:02 +0000, Kyle Fazzari wrote:
> If the parser is by design putting things in a predictable location in
> order to reuse it, and that predictable location is wiped on reboot,
> shouldn't the parser actually be storing these things somewhere more
> permanent so it also avoids duplicate downloads across reboots?

During our standup we proposed using an xdg-cache location for 'snapcraft-parser'.

--
Sent using Dekko from my Ubuntu device

Joe Talbott (joetalbott) wrote :
Changed in snapcraft:
status: Confirmed → In Progress
Changed in snapcraft:
milestone: none → 2.26
importance: Undecided → Low
importance: Low → Medium
status: In Progress → Fix Committed
Changed in snapcraft:
status: Fix Committed → Fix Released
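
The two options raised in this thread (mkdtemp() for one-off scratch space, and a per-user XDG cache location for checkouts that must be reused across runs), sketched as an added example. This is not snapcraft's code; the helper names, the hashed directory names and the sample URL are assumptions.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

APP_NAME = "snapcraft-parser"  # name from the thread; the layout below is assumed


def private_dir(path: Path) -> Path:
    """Create path with mode 0700 if missing, then refuse anything we do not control."""
    try:
        os.mkdir(path, 0o700)      # fails with EEXIST if the name is already taken
    except FileExistsError:
        pass
    st = os.lstat(path)            # lstat: never follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is group- or world-writable")
    return path


def cache_root() -> Path:
    """Per-user cache root: $XDG_CACHE_HOME/<app>, falling back to ~/.cache/<app>."""
    base = Path(os.environ.get("XDG_CACHE_HOME") or Path.home() / ".cache")
    base.mkdir(parents=True, exist_ok=True)
    return private_dir(base / APP_NAME)


def origin_dir(url: str) -> Path:
    """Stable directory for one origin URL, so later runs can reuse the checkout."""
    name = hashlib.sha256(url.encode()).hexdigest()  # no URL characters in the path
    return private_dir(cache_root() / name)


def scratch_dir() -> Path:
    """One-off scratch space: random name, mode 0700, created atomically."""
    return Path(tempfile.mkdtemp(prefix=APP_NAME + "-"))


if __name__ == "__main__":
    url = "https://example.invalid/demo.git"  # constructed sample URL
    print("reusable:", origin_dir(url))
    print("scratch: ", scratch_dir())
```

The reusable path stays predictable to its owner but lives under a directory other users cannot write to, and the ownership and symlink checks reject a directory someone else created first.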
This report contains Public Security information
Everyone can see this security related information.