term.log is world readable and shouldn't be

Bug #975199 reported by James Troup on 2012-04-06
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Undecided
Michael Vogt
Oneiric
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Quantal
Undecided
Marc Deslauriers
Raring
Undecided
Michael Vogt

Bug Description

| root@dziban:/etc# ls -l /var/log/apt/term.log*
| -rw-r--r-- 1 root adm 87718 Apr 6 10:33 /var/log/apt/term.log

This file includes anything you type into a shell spawned via dpkg's
conffile handling. I don't expect my root shell sessions to be logged
(keystrokes and all) to a world readable file and I imagine I'm not
the only one.

James Troup (elmo) wrote :

This appears to be a regression in precise. lucid has these files as
600.

Marc Deslauriers (mdeslaur) wrote :

This was introduced in Oneiric, as the fix for bug 404724

Michael, is there any way to exclude the shell being logged in term.log?

Changed in apt (Ubuntu):
status: New → Confirmed
Changed in apt (Ubuntu Oneiric):
status: New → Confirmed
Michael Vogt (mvo) wrote :

Hey Marc, unfortunately not AFAICT. It will simply log everything on the pty that dpkg runs on. We could make it 0640 root.adm as a middle ground maybe?

Marc Deslauriers (mdeslaur) wrote :

Yeah, that would be acceptable I think. Elmo?

Marc Deslauriers <email address hidden> writes:

> Yeah, that would be acceptable I think. Elmo?

It's better than what we have now, so, sure.

--
James

Changed in apt (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apt (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Michael Vogt (mvo) wrote :

Bzr bundle with a fix, note that the apt.postinst needs version number adjustment of course.

Jamie Strandboge (jdstrand) wrote :

This still doesn't seem to be fixed. Has there been any progress on it?

Michael Vogt (mvo) wrote :

@Jamie: sorry, this slipped my attention. If you agree with the direction in the bzr bundle I'm happy to prepare debdiffs for precise, quantal with the fix.

Jamie Strandboge (jdstrand) wrote :

It looks good to me, though I'm guessing the version check in postinst might need to be adjusted?

Michael Vogt (mvo) wrote :
Michael Vogt (mvo) wrote :
Michael Vogt (mvo) wrote :
Michael Vogt (mvo) wrote :

I adjusted the version checks in the postinst now, this should be ok now (but double check of course welcome!).

Marc Deslauriers (mdeslaur) wrote :

This is CVE-2012-0961

Changed in apt (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.16~exp12ubuntu10.7

---------------
apt (0.8.16~exp12ubuntu10.7) precise-security; urgency=low

  * SECURITY UPDATE: change permissions of
    /var/log/apt/term.log to 0640 (LP: #975199)
    - CVE-2012-0961
 -- Michael Vogt <email address hidden> Tue, 04 Dec 2012 15:38:12 +0100

Changed in apt (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.9.7.5ubuntu5.2

---------------
apt (0.9.7.5ubuntu5.2) quantal-security; urgency=low

  * SECURITY UPDATE: change permissions of
    /var/log/apt/term.log to 0640 (LP: #975199)
    - CVE-2012-0961
 -- Michael Vogt <email address hidden> Tue, 04 Dec 2012 15:46:44 +0100

Changed in apt (Ubuntu Quantal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.16~exp5ubuntu13.6

---------------
apt (0.8.16~exp5ubuntu13.6) oneiric-security; urgency=low

  * SECURITY UPDATE: change permissions of
    /var/log/apt/term.log to 0640 (LP: #975199)
    - CVE-2012-0961
 -- Michael Vogt <email address hidden> Tue, 04 Dec 2012 15:27:51 +0100

Changed in apt (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in apt (Ubuntu Raring):
assignee: nobody → Michael Vogt (mvo)
tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.9.7.6ubuntu6

---------------
apt (0.9.7.6ubuntu6) raring; urgency=low

  * merged from the debian-sid branch

  [ Program translation updates ]
  * Catalan (Jordi Mallach)
  * Drop a confusing non-breaking space. Closes: #691024
  * Thai (Theppitak Karoonboonyanan). Closes: #691613
  * Vietnamese (Trần Ngọc Quân). Closes: #693773
  * Fix Plural forms in German, French, Japanese and Portuguese
    translations. Thanks to Jakub Wilk for reporting these errors.

  [ Michael Vogt ]
  * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
 -- Michael Vogt <email address hidden> Thu, 13 Dec 2012 09:14:54 +0100

Changed in apt (Ubuntu Raring):
status: Confirmed → Fix Released
Mikko Rantalainen (mira) wrote :

Why does this log include user input in the first case? I can somewhat understand logging all output but why does the log include input also?

Marc Deslauriers (mdeslaur) wrote :

@Mikko: because when you get a conf file handling dialog, one of the options is to spawn a shell to manually correct the issue. That shell is in the same terminal, hence in the same log file.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers