| 2016-08-10 05:21:04 |
Paul Collins |
bug |
|
|
added bug |
| 2016-08-10 05:21:04 |
Paul Collins |
attachment added |
|
skip chown when it would be a no-op https://bugs.launchpad.net/bugs/1611603/+attachment/4717942/+files/gunicorn.chown.patch |
|
| 2016-08-10 05:21:19 |
Paul Collins |
bug |
|
|
added subscriber The Canonical Sysadmins |
| 2016-08-10 05:33:28 |
Paul Collins |
description |
I attempted to package a simple WSGI app in an Ubuntu snap with gunicorn, and ran into a problem with gunicorn vs. the Snap security policy.
The policy forbids calling chown at all, whereas the gunicorn.worker.WorkerTemp class relies on the default and historically unproblematic behaviour of silently succeeding when the UID/GID are the same as the calling process's.
I've attached a patch that attempts to short-circuit chown when it would be a no-op, which is the case when gunicorn is run as root in a snap, and this patch lets my app work when confined.
snaps also do not currently allow setuid, etc., and so there's no sense in trying to create a gunicorn-using snap that starts as root and then drops privileges. For more information on the snap security policy, please visit: https://developer.ubuntu.com/en/snappy/guides/security/ |
I attempted to package a simple WSGI app in an Ubuntu snap with gunicorn, and ran into a problem with gunicorn vs. the Snap security policy.
The policy forbids calling chown at all, whereas the gunicorn.worker.WorkerTemp class relies on the default and historically unproblematic behaviour of silently succeeding when the UID/GID are the same as the calling process's.
I've attached a patch that attempts to short-circuit chown when it would be a no-op, which is the case when gunicorn is run as root in a snap, and this patch lets my app work when confined.
snaps also do not currently allow setuid, etc., and so there's no sense in trying to create a gunicorn-using snap that starts as root and then drops privileges. For more information on the snap security policy, please visit: https://developer.ubuntu.com/en/snappy/guides/security/
and https://developer.ubuntu.com/en/snappy/build-apps/debug/ |
|
| 2016-08-10 05:35:13 |
Paul Collins |
description |
I attempted to package a simple WSGI app in an Ubuntu snap with gunicorn, and ran into a problem with gunicorn vs. the Snap security policy.
The policy forbids calling chown at all, whereas the gunicorn.worker.WorkerTemp class relies on the default and historically unproblematic behaviour of silently succeeding when the UID/GID are the same as the calling process's.
I've attached a patch that attempts to short-circuit chown when it would be a no-op, which is the case when gunicorn is run as root in a snap, and this patch lets my app work when confined.
snaps also do not currently allow setuid, etc., and so there's no sense in trying to create a gunicorn-using snap that starts as root and then drops privileges. For more information on the snap security policy, please visit: https://developer.ubuntu.com/en/snappy/guides/security/
and https://developer.ubuntu.com/en/snappy/build-apps/debug/ |
I attempted to package a simple WSGI app in an Ubuntu snap with gunicorn, and ran into a problem with gunicorn vs. the Snap security policy.
The policy forbids calling chown at all, whereas the workers.workertmp.WorkerTmp class relies on the default and historically unproblematic behaviour of silently succeeding when the UID/GID are the same as the calling process's.
I've attached a patch that attempts to short-circuit chown when it would be a no-op, which is the case when gunicorn is run as root in a snap, and this patch lets my app work when confined.
snaps also do not currently allow setuid, etc., and so there's no sense in trying to create a gunicorn-using snap that starts as root and then drops privileges. For more information on the snap security policy, please visit: https://developer.ubuntu.com/en/snappy/guides/security/
and https://developer.ubuntu.com/en/snappy/build-apps/debug/ |
|
| 2016-08-10 08:28:29 |
Ubuntu Foundations Team Bug Bot |
tags |
canonical-is |
canonical-is patch |
|
| 2016-08-10 08:28:40 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2016-08-17 02:40:41 |
Paul Collins |
attachment added |
|
skip chown when it would be a no-op, take 2 https://bugs.launchpad.net/ubuntu/+source/gunicorn/+bug/1611603/+attachment/4722435/+files/gunicorn.chown-2.patch |
|
| 2017-02-02 18:46:53 |
Chuck Short |
gunicorn (Ubuntu): importance |
Undecided |
Low |
|
| 2017-02-02 18:46:53 |
Chuck Short |
gunicorn (Ubuntu): status |
New |
Triaged |
|
