Comment 8 for bug 1903332

Marc Deslauriers (mdeslaur) wrote:

OK, a little more information about the main issue in this bug. The privilege dropping code was introduced to fix CVE-2019-11481, from bug 1830862, which had two parts:

- File was read as root
- There was no limit on the size of the file so a symlink to /dev/zero would cause apport to hang

The patch fixed #1. The patch did not specifically address #2, but since the privilege dropping code was broken resulting in a failure, the result was that #2 was no longer an issue.

Fixing the privilege dropping code will re-introduce #2.

The file is parsed using ConfigParser(), and there is no API to limit the size of the file being read. There are two possible ways around the issue:

1- Implement a simple key-value parser in a few lines of code that includes a limit on the number of lines read from the file. Since apport only uses the [main] header, parsing headers is not needed.

2- Read the file with a line limit before passing it to ConfigParser().

I suspect #1 would give us more control in limiting and addressing further attacks in the future.
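As an added illustration (not apport's code and not part of this comment), the two options in Python: a byte-bounded reader comes first, because a line-count limit on its own does not protect against a symlink to /dev/zero (readline() never finds a newline there and keeps buffering), then a minimal [main]-only key=value parser for option 1 and the same bounded text handed to ConfigParser for option 2. The size limits and the sample config are assumed values, not apport's.

```python
import configparser

MAX_BYTES = 64 * 1024   # assumed cap; the comment names no number
MAX_LINES = 200         # assumed cap on lines handed to the parser


class ConfigTooLarge(ValueError):
    """Raised instead of reading an unbounded source to exhaustion."""


def read_bounded(path, max_bytes=MAX_BYTES):
    """Read at most max_bytes; one byte more means the source is rejected.
    read(n) returns as soon as n bytes are available, so /dev/zero is
    refused immediately rather than read (or readline()'d) forever."""
    with open(path, "rb") as f:
        data = f.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ConfigTooLarge(f"{path}: more than {max_bytes} bytes")
    return data.decode("utf-8", errors="replace")


def parse_main(text, max_lines=MAX_LINES):
    """Option 1: tiny key=value parser that only honours the [main] section."""
    result, in_main = {}, False
    for n, raw in enumerate(text.splitlines()):
        if n >= max_lines:
            raise ConfigTooLarge(f"more than {max_lines} lines")
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_main = line[1:-1].strip().lower() == "main"
            continue
        if in_main and "=" in line:
            key, _, value = line.partition("=")
            result[key.strip()] = value.strip()
    return result


def parse_with_configparser(text):
    """Option 2: already-bounded text handed to the stock ConfigParser."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp["main"]) if cp.has_section("main") else {}


# Constructed sample config, not a real apport settings file.
SAMPLE = """# comment line
[main]
unpackaged = true
max_size = 10

[other]
unpackaged = false
"""
```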