downloaded flashplugin update has wrong permissions (not world readable)

Bug #1638694 reported by jimav on 2016-11-02
24
This bug affects 5 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
High
Unassigned
update-notifier (Ubuntu)
High
Unassigned

Bug Description

The package which downloads the flashplugin tar is apparently storing it with incorrect permissions which prevent user "_apt" from reading it (presumably without o+r perms). As a result the update process could not drop root permissions and continue. Or, something like that -- see email below.

I can't think of any reason why a downloaded flashplugin file should not be world-readable. So the script which downloads it should be fixed to avoid this.

Here's a sample email root gets after any flash update:

/etc/cron.daily/update-notifier-common:
Get:1 http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20161026.1.orig.tar.gz [27.2 MB]
Fetched 27.2 MB in 13s (2,037 kB/s)
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/adobe-flashplugin_20161026.1.orig.tar.gz' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
flashplugin-installer: processing...
flashplugin-installer: downloading http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20161026.1.orig.tar.gz
Installing from local file /var/lib/update-notifier/package-data-downloads/partial/adobe-flashplugin_20161026.1.orig.tar.gz
Flash Plugin installed.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ubuntu-release-upgrader-core 1:16.04.17
ProcVersionSignature: Ubuntu 4.4.0-46.67-generic 4.4.24
Uname: Linux 4.4.0-46-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: Unity
Date: Wed Nov 2 12:48:23 2016
InstallationDate: Installed on 2013-08-06 (1184 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: dist-upgrade
UpgradeStatus: Upgraded to xenial on 2016-05-11 (175 days ago)
VarLogDistupgradeTermlog:

jimav (james-avera) wrote :
tags: added: wily2xenial
affects: ubuntu-release-upgrader (Ubuntu) → update-notifier (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in update-notifier (Ubuntu):
status: New → Confirmed
Changed in update-notifier (Ubuntu):
importance: Undecided → High
Changed in hundredpapercuts:
status: New → Confirmed
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers