Create core dumps for setuid binaries

This was uploaded to Saucy as 2.10.2-0ubuntu3.

This was uploaded to raring-proposed as 2.9.2-0ubuntu8.2.

This was uploaded to quantal-proposed as 2.6.1-0ubuntu12.

Fix for saucy:

apport (2.10.2-0ubuntu3) saucy; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD

 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 15:37:01 +0100

This was uploaded to precise-proposed as 2.0.1-0ubuntu17.4.

Thanks for uploading the fix for this bug report to -proposed. However, when reviewing the package in -proposed and the details of this bug report I noticed that the bug description is missing information required for the SRU process. You can find full details at http://wiki.ubuntu.com/StableReleaseUpdates#Procedure but essentially this bug is missing some of the following: a statement of impact, a test case and details regarding the regression potential. Thanks in advance!

Hello Evan, or anyone else affected,

Accepted apport into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.9.2-0ubuntu8.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Evan, or anyone else affected,

Accepted apport into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.6.1-0ubuntu12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Evan, or anyone else affected,

Accepted apport into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

The order of operations in the patch is incorrect; the suid_dumpable flag should be set _after_ the core pattern pipe has been set.

This is incorrect:

+ echo 2 > /proc/sys/fs/suid_dumpable
     echo "|/usr/share/apport/apport %p %s %c" > /proc/sys/kernel/core_pattern

It should be the other way around.

Teardown is in the correct order.

This was discovered in Saucy via kernel log messages:

[ 9.366329] Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required.

Thanks

Seth is correct, though this is only broken in saucy (I've just checked all the other versions). Working on a fix for saucy now.

Raring is also affected:

https://launchpadlibrarian.net/143375286/apport_2.9.2-0ubuntu8.1_2.9.2-0ubuntu8.2.diff.gz

Argh, so it is. Fixing.

Uploaded the raring-proposed fix as 2.9.2-0ubuntu8.3

Hello Evan, or anyone else affected,

Accepted apport into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.9.2-0ubuntu8.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of apport from quantal-proposed was performed and bug 1205608 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and tag 1205608 "bot-stop-nagging". Thanks!

I tested this using apport and friends version 2.9.2-0ubuntu8.3 on raring and confirm that a crash report was created for passwd.

This bug was fixed in the package apport - 2.9.2-0ubuntu8.3

---------------
apport (2.9.2-0ubuntu8.3) raring-proposed; urgency=low

  * Fix the order of suid_dumpable and core_pattern. Thanks Seth Arnold
    and Marc Deslauriers (LP: #1194541).
 -- Evan Dandrea <email address hidden> Mon, 08 Jul 2013 15:58:18 +0100

I tested this using apport version 2.6.1-0ubuntu12 on quantal and confirm that a crash report was created for passwd.

I tested this using apport version 2.0.1-ubuntu17.4 on precise and confirm that a crash report was created for passwd.

This bug was fixed in the package apport - 2.0.1-0ubuntu17.4

---------------
apport (2.0.1-0ubuntu17.4) precise-proposed; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD (LP: #1194541).
 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 16:40:45 +0100

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package apport - 2.6.1-0ubuntu12

---------------
apport (2.6.1-0ubuntu12) quantal-proposed; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD (LP: #1194541).
 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 16:32:21 +0100