2023-07-16 01:54:38 |
Ken Sharp |
description |
I am trying to do a number of compilations, including bisects, etc. As part of the process I delete all the files from a compilation so that everything is nice and clean. However, some of these files keep reappearing!
In this case I am bisecting Wine. To help I added an ltrace to the Wine shell script...
I am compiling to /tmp/wine.
/tmp is a tmpfs mount.
I added ltrace to /tmp/wine/wine64/wine, which is a shell script. The last line of that script being:
exec ltrace "$WINELOADER" "$@"
I have then deleted everything in this directory (multiple times).
When attempting to access /tmp/wine/wine64/wine I am told that the file does not exist, as expected.
I then run a compilation.
On checking /tmp/wine/wine64/wine it contains the ltrace:
exec ltrace "$WINELOADER" "$@"
I thought it might just be bash, but I checked with Pluma and this file contains ltrace – data I have delete multipled times and should have been overwritten.
I tried multiple "sync"s and dropping the caches, but it makes no difference.
Why does this data keep reappearing? Why can't I delete a file? What kind of madness is this?
There are no words for just how bad this is. In particular: this is definitely a security issue.
If a user deletes a file, all I have to do is recreate a file with the same name and I have access to all that user's data.
I've spent hours bisecting, but it turns out I cannot trust any of the results as I have no guarantee that any of the files have actually changed.
I haven't checked the upstream kernel yet, but I am aware that this is required. It could take many hours.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-5.15.0-76-generic 5.15.0-76.83
ProcVersionSignature: Ubuntu 5.15.0-76.83-generic 5.15.99
Uname: Linux 5.15.0-76-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: ken 8889 F.... pulseaudio
/dev/snd/controlC1: ken 8889 F.... pulseaudio
/dev/snd/pcmC1D7p: ken 8889 F...m pulseaudio
CasperMD5CheckResult: unknown
CurrentDesktop: MATE
Date: Sat Jul 15 06:32:07 2023
MachineType: LENOVO 0606AD5
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.15.0-76-generic root=UUID=bc8de7a2-4160-4017-937e-3d4126551687 ro rootflags=subvol=@ root=/dev/sdb10 quiet splash zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=50 zswap.zpool=z3fold module_blacklist=mei_me hugepagesz=1G hugepages=3 hugepagesz=2M hugepages=100 vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-5.15.0-76-generic N/A
linux-backports-modules-5.15.0-76-generic N/A
linux-firmware 20220329.git681281e4-0ubuntu3.14
RfKill:
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2022-09-26 (291 days ago)
dmi.bios.date: 12/15/2016
dmi.bios.release: 0.60
dmi.bios.vendor: LENOVO
dmi.bios.version: A0KT60AUS
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: LENOVO
dmi.board.vendor: LENOVO
dmi.board.version: NONE
dmi.chassis.type: 7
dmi.chassis.vendor: LENOVO
dmi.chassis.version: NONE
dmi.modalias: dmi:bvnLENOVO:bvrA0KT60AUS:bd12/15/2016:br0.60:svnLENOVO:pn0606AD5:pvrThinkStationS30:rvnLENOVO:rnLENOVO:rvrNONE:cvnLENOVO:ct7:cvrNONE:skuLENOVO_BI_A0:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: 0606AD5
dmi.product.sku: LENOVO_BI_A0
dmi.product.version: ThinkStation S30
dmi.sys.vendor: LENOVO
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2019-08-06T11:56:22.315382 |
I am trying to do a number of compilations, including bisects, etc. As part of the process I delete all the files from a compilation so that everything is nice and clean. However, some of these files keep reappearing!
In this case I am bisecting Wine. To help I added an ltrace to the Wine shell script...
I am compiling to /tmp/wine.
/tmp is a tmpfs mount.
I added ltrace to /tmp/wine/wine64/wine, which is a shell script. The last line of that script being:
exec ltrace "$WINELOADER" "$@"
I have then deleted everything in this directory (multiple times).
When attempting to access /tmp/wine/wine64/wine I am told that the file does not exist, as expected.
I then run a compilation.
On checking /tmp/wine/wine64/wine it contains the ltrace:
exec ltrace "$WINELOADER" "$@"
I thought it might just be bash, but I checked with Pluma and this file contains ltrace – data I have deleted multiple times and should have been overwritten.
I tried multiple "sync"s and dropping the caches, but it makes no difference.
Why does this data keep reappearing? Why can't I delete a file? What kind of madness is this?
There are no words for just how bad this is. In particular: this is definitely a security issue.
If a user deletes a file, all I have to do is recreate a file with the same name and I have access to all that user's data.
I've spent hours bisecting, but it turns out I cannot trust any of the results as I have no guarantee that any of the files have actually changed.
I haven't checked the upstream kernel yet, but I am aware that this is required. It could take many hours.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-5.15.0-76-generic 5.15.0-76.83
ProcVersionSignature: Ubuntu 5.15.0-76.83-generic 5.15.99
Uname: Linux 5.15.0-76-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: ken 8889 F.... pulseaudio
/dev/snd/controlC1: ken 8889 F.... pulseaudio
/dev/snd/pcmC1D7p: ken 8889 F...m pulseaudio
CasperMD5CheckResult: unknown
CurrentDesktop: MATE
Date: Sat Jul 15 06:32:07 2023
MachineType: LENOVO 0606AD5
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.15.0-76-generic root=UUID=bc8de7a2-4160-4017-937e-3d4126551687 ro rootflags=subvol=@ root=/dev/sdb10 quiet splash zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=50 zswap.zpool=z3fold module_blacklist=mei_me hugepagesz=1G hugepages=3 hugepagesz=2M hugepages=100 vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-5.15.0-76-generic N/A
linux-backports-modules-5.15.0-76-generic N/A
linux-firmware 20220329.git681281e4-0ubuntu3.14
RfKill:
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2022-09-26 (291 days ago)
dmi.bios.date: 12/15/2016
dmi.bios.release: 0.60
dmi.bios.vendor: LENOVO
dmi.bios.version: A0KT60AUS
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: LENOVO
dmi.board.vendor: LENOVO
dmi.board.version: NONE
dmi.chassis.type: 7
dmi.chassis.vendor: LENOVO
dmi.chassis.version: NONE
dmi.modalias: dmi:bvnLENOVO:bvrA0KT60AUS:bd12/15/2016:br0.60:svnLENOVO:pn0606AD5:pvrThinkStationS30:rvnLENOVO:rnLENOVO:rvrNONE:cvnLENOVO:ct7:cvrNONE:skuLENOVO_BI_A0:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: 0606AD5
dmi.product.sku: LENOVO_BI_A0
dmi.product.version: ThinkStation S30
dmi.sys.vendor: LENOVO
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2019-08-06T11:56:22.315382 |
|