sqlite triggers syscall error if run as root in snappy default confinement (fchown not allowed)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sqlite3 (Ubuntu) |
Expired
|
High
|
Unassigned |
Bug Description
Code currently tries to change user to uid if geteuid is root; this call triggers fchown syscall exception in snappy.
Good news is that in snappy this call is a null op in theory as both geteuid as well as uid are 0, so changing wouldnt do anything.
Fix is to not try to chown if geteuid is equal to uid (e.g. if it would be a null op anyway). "Safe" patch should be:
Index: sqlite3-
=======
--- sqlite3-
+++ sqlite3-
@@ -497,7 +497,7 @@ static struct unix_syscall {
*/
static int robustFchown(int fd, uid_t uid, gid_t gid){
#if defined(
- return osGeteuid() ? 0 : osFchown(
+ return osGeteuid() || osGeteuid() == uid ? 0 : osFchown(
#else
return 0;
#endif
Changed in sqlite3 (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
subscribing ubuntu release. would like to see this considered for final release still as sqlite is an often used components in snaps and with this patch you can pull in the binary from the archive through the convenient snapcraft stage-packages ...
patch should be safe as it basically just avoids a null op that in case of snappy then gets the process killed for no reason (e.g. chown from 0 to 0 -> seccomp kicks in).