OK, a little more information about the main issue in this bug. The privilege dropping code was introduced to fix CVE-2019-11481, from bug 1830862, which had two parts:
- File was read as root
- There was no limit on the size of the file so a symlink to /dev/zero would cause apport to hang
The patch fixed #1. The patch did not specifically address #2, but since the privilege dropping code was broken resulting in a failure, the result was that #2 was no longer an issue.
Fixing the privilege dropping code will re-introduce #2.
The file is parsed using ConfigParser(), and there is no API to limit the size of the file being read. There are two possible ways around the issue:
1- Implement a simple key-value parser in a few lines of code that includes a limit on the number of lines read from the file. Since apport only uses the [main] header, parsing headers is not needed.
2- Read the file with a line limit before passing it to ConfigParser().
I suspect #1 would give us more control in limiting and addressing further attacks in the future.
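Option 2 from the comment above, as an added example (not code from apport or from the patch): the file is read through a byte cap and only then handed to ConfigParser. The function names, the 64 KiB cap, the regular-file check and the sample key are assumptions; it also assumes the caller has already dropped privileges. The cap is in bytes rather than lines because /dev/zero never yields a newline, so a line count alone would not end the read.

```python
import configparser
import os
import stat

MAX_SETTINGS_BYTES = 64 * 1024  # assumed cap, not a value taken from apport


class UnsafeSettingsFile(Exception):
    """The settings file is not a regular file or exceeds the cap."""


def read_bounded(path, limit=MAX_SETTINGS_BYTES):
    """Return the text of `path`, refusing anything larger than `limit` bytes."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # Check the opened descriptor, not the path, so the file that was
        # checked is the file that is read (a symlink to /dev/zero resolves
        # to a character device and is refused here).
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafeSettingsFile("%s is not a regular file" % path)
        with os.fdopen(fd, "rb", closefd=False) as f:
            # Ask for one byte more than the cap: getting it back means the
            # file is over the limit, and the read still stops there.
            data = f.read(limit + 1)
    finally:
        os.close(fd)
    if len(data) > limit:
        raise UnsafeSettingsFile("%s exceeds %d bytes" % (path, limit))
    return data.decode("utf-8", errors="replace")


def load_main_settings(path, limit=MAX_SETTINGS_BYTES):
    """Parse the bounded text and return the [main] section as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(read_bounded(path, limit), source=path)
    if not parser.has_section("main"):
        return {}
    return dict(parser["main"])
```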