Create core dumps for setuid binaries

Bug #1194541 reported by Evan on 2013-06-25
Affects: apport (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Precise; Importance: Undecided; Assigned to: Unassigned
Affects: Quantal; Importance: Undecided; Assigned to: Unassigned
Affects: Raring; Importance: Undecided; Assigned to: Unassigned

Bug Description

Kees has looked into setting /proc/sys/fs/setuid_dumpable to 2, which will enable core dumps for setuid binaries. This is now safe in all cases for kernels in raring and later. For quantal and earlier, a core pipe handler must be set when /proc/sys/fs/setuid_dumpable is set to 2.

TEST CASE:

passwd
# In another shell
killall -SEGV passwd
ls -la /var/crash/_usr_bin_passwd.0.crash

Evan (ev) wrote :

This was uploaded to Saucy as 2.10.2-0ubuntu3.

Changed in apport (Ubuntu Raring):
status: New → Fix Committed
Evan (ev) wrote :

This was uploaded to raring-proposed as 2.9.2-0ubuntu8.2.

Evan (ev) wrote :

This was uploaded to quantal-proposed as 2.6.1-0ubuntu12.

Changed in apport (Ubuntu Quantal):
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Fix for saucy:

apport (2.10.2-0ubuntu3) saucy; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD

 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 15:37:01 +0100

Changed in apport (Ubuntu):
status: New → Fix Released
Evan (ev) wrote :

This was uploaded to precise-proposed as 2.0.1-0ubuntu17.4.

Changed in apport (Ubuntu Precise):
status: New → Fix Committed

Thanks for uploading the fix for this bug report to -proposed. However, when reviewing the package in -proposed and the details of this bug report I noticed that the bug description is missing information required for the SRU process. You can find full details at http://wiki.ubuntu.com/StableReleaseUpdates#Procedure but essentially this bug is missing some of the following: a statement of impact, a test case and details regarding the regression potential. Thanks in advance!

Evan (ev) on 2013-06-27
description: updated

Hello Evan, or anyone else affected,

Accepted apport into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.9.2-0ubuntu8.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Brian Murray (brian-murray) wrote :

Hello Evan, or anyone else affected,

Accepted apport into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.6.1-0ubuntu12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Brian Murray (brian-murray) wrote :

Hello Evan, or anyone else affected,

Accepted apport into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Seth Arnold (seth-arnold) wrote :

The order of operations in the patch is incorrect; the suid_dumpable flag should be set _after_ the core pattern pipe has been set.

This is incorrect:

+ echo 2 > /proc/sys/fs/suid_dumpable
     echo "|/usr/share/apport/apport %p %s %c" > /proc/sys/kernel/core_pattern
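
Review bot: the added `echo 2 > /proc/sys/fs/suid_dumpable` line runs before the core_pattern write and neither write is checked, so if the core_pattern write fails the system is left with suid_dumpable=2 and whatever pattern was there before. Move the added line below the core_pattern write and make it conditional on that write succeeding, for example by chaining the two commands with `&&`.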

It should be the other way around.

Teardown is in the correct order.

This was discovered in Saucy via kernel log messages:

[ 9.366329] Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required.

Thanks
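
The ordering rule from the comment above, as an added example that is not part of the original bug report or of apport's own scripts: it checks the rule quoted in the kernel log message (with suid_dumpable=2, core_pattern must be a pipe handler or a fully qualified path) and applies the two settings in the corrected order. `PROC_ROOT` and the function names are assumptions made for illustration, so the logic can be run against a scratch directory instead of the live /proc.

```shell
#!/bin/sh
# Added example: audit and apply the suid_dumpable / core_pattern pair.
# PROC_ROOT is a hypothetical override for testing; it defaults to /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Return 0 if the pair satisfies the rule from the kernel log message:
# suid_dumpable=2 needs a pipe handler ("|...") or an absolute path ("/...").
# Other suid_dumpable values are outside that rule and pass this check.
core_config_safe() {
    dumpable="$1"
    pattern="$2"
    [ "$dumpable" = "2" ] || return 0
    case "$pattern" in
        "|"*|/*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Read the current values under PROC_ROOT and report on them.
# Returns 0 when safe, 1 when unsafe, 2 when a value cannot be read.
audit_core_config() {
    dumpable=$(cat "$PROC_ROOT/sys/fs/suid_dumpable") || return 2
    pattern=$(cat "$PROC_ROOT/sys/kernel/core_pattern") || return 2
    if core_config_safe "$dumpable" "$pattern"; then
        echo "OK: suid_dumpable=$dumpable core_pattern=$pattern"
    else
        echo "UNSAFE: suid_dumpable=2 with core_pattern '$pattern'"
        return 1
    fi
}

# Setup in the corrected order: validate the handler, write core_pattern,
# and only then set suid_dumpable to 2. Any failure stops before that step.
enable_suid_dumps() {
    handler="$1"
    core_config_safe 2 "$handler" || {
        echo "refusing core_pattern '$handler' with suid_dumpable=2" >&2
        return 1
    }
    printf '%s\n' "$handler" > "$PROC_ROOT/sys/kernel/core_pattern" || return 1
    echo 2 > "$PROC_ROOT/sys/fs/suid_dumpable"
}
```

On a real system the setup call would be `enable_suid_dumps "|/usr/share/apport/apport %p %s %c"` run as root, followed by `audit_core_config`.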

tags: added: verification-failed
removed: verification-needed
Evan (ev) wrote :

Seth is correct, though this is only broken in saucy (I've just checked all the other versions). Working on a fix for saucy now.

Evan (ev) wrote :

Argh, so it is. Fixing.

Evan (ev) wrote :

Uploaded the raring-proposed fix as 2.9.2-0ubuntu8.3

Brian Murray (brian-murray) wrote :

Hello Evan, or anyone else affected,

Accepted apport into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.9.2-0ubuntu8.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: removed: verification-failed
tags: added: verification-needed

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of apport from quantal-proposed was performed and bug 1205608 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and tag 1205608 "bot-stop-nagging". Thanks!

tags: added: verification-failed
tags: removed: verification-failed
Brian Murray (brian-murray) wrote :

I tested this using apport and friends version 2.9.2-0ubuntu8.3 on raring and confirm that a crash report was created for passwd.

tags: added: verification-done-raring
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.9.2-0ubuntu8.3

---------------
apport (2.9.2-0ubuntu8.3) raring-proposed; urgency=low

  * Fix the order of suid_dumpable and core_pattern. Thanks Seth Arnold
    and Marc Deslauriers (LP: #1194541).
 -- Evan Dandrea <email address hidden> Mon, 08 Jul 2013 15:58:18 +0100

Changed in apport (Ubuntu Raring):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote :

I tested this using apport version 2.6.1-0ubuntu12 on quantal and confirm that a crash report was created for passwd.

tags: added: verification-done-quantal
Brian Murray (brian-murray) wrote :

I tested this using apport version 2.0.1-ubuntu17.4 on precise and confirm that a crash report was created for passwd.

tags: added: verification-done verification-done-precise
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.0.1-0ubuntu17.4

---------------
apport (2.0.1-0ubuntu17.4) precise-proposed; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD (LP: #1194541).
 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 16:40:45 +0100

Changed in apport (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.6.1-0ubuntu12

---------------
apport (2.6.1-0ubuntu12) quantal-proposed; urgency=low

  * Enable suid_dumpable (core dumps of setuid binaries). This has
    always been safe for us, as we set a core pipe handler, but the
    kernel now protects against one not being set:
    http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
    raring.git;a=blob;f=Documentation/sysctl/fs.txt;h=88152f214f48cb69c6
    43d4bf2ff2ac9a61ad2eb0;hb=HEAD (LP: #1194541).
 -- Evan Dandrea <email address hidden> Tue, 25 Jun 2013 16:32:21 +0100

Changed in apport (Ubuntu Quantal):
status: Fix Committed → Fix Released