[Bug 1399914] [NEW] Tries to start sshd on port 1022 even in chroot, crashes if unable
Roman Odaisky
1399914 at bugs.launchpad.net
Sat Dec 6 12:21:00 UTC 2014
Public bug reported:

When running do-release-upgrade inside a chroot, it insists on starting
an emergency sshd on port 1022. If it’s not possible, for the likely
reason that openssh-server is not installed inside the chroot, the
upgrade process crashes.

In a chroot environment, starting such an sshd is not needed because
there’s supposed to be one outside the chroot which the upgrade process
shouldn’t be able to affect; also it’s a security issue because
permissions inside the chroot may be lax due to the fact one needs to be
root to get into the chroot in the first place (for example, I have an
Ubuntu chroot environment on a Debian stable server for experimenting;
I’ve given my user sudo NOPASSWD privileges, which is in itself safe but
becomes a liability when the port 1022 sshd launches inside the chroot).

Given that the DistUpgrade module already has an inside_chroot() detection
function, I suggest that the module only perform its _sshMagic() if no
chroot is detected. Additionally, I suggest a command-line option to
disable the port 1022 sshd if the administrator so desires.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: python3-distupgrade 1:14.10.9
ProcVersionSignature: Ubuntu 3.16.0-25.33-generic 3.16.7
Uname: Linux 3.16.0-25-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.14.7-0ubuntu8
Architecture: i386
CrashDB: ubuntu
CurrentDesktop: KDE
Date: Sat Dec 6 13:27:54 2014
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
UpgradeStatus: Upgraded to utopic on 2014-11-30 (5 days ago)
** Affects: ubuntu-release-upgrader (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug dist-upgrade i386 utopic
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1399914
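
The guard proposed in the report, sketched as an added example; this is not code from ubuntu-release-upgrader or from the reporter. looks_like_chroot(), fallback_sshd_decision() and the disabled_by_admin switch are hypothetical names, and the chroot test (comparing "/" with PID 1's root) is one common heuristic, not necessarily what the project's inside_chroot() does.

```python
import os
import shutil


def looks_like_chroot(root="/", init_root="/proc/1/root"):
    """True if `root` is a different directory from PID 1's root, False if
    it is the same one, None if that cannot be determined (no /proc mounted
    inside the chroot, or no privilege to read /proc/1/root)."""
    try:
        ours, inits = os.stat(root), os.stat(init_root)
    except OSError:
        return None
    return (ours.st_dev, ours.st_ino) != (inits.st_dev, inits.st_ino)


def fallback_sshd_decision(in_chroot, disabled_by_admin, sshd_path):
    """Return (start, reason) for the emergency sshd on port 1022.

    A missing sshd binary is reported as a reason to skip the step, so the
    upgrade can continue instead of crashing."""
    if disabled_by_admin:  # hypothetical command-line opt-out
        return False, "disabled by administrator"
    if in_chroot:  # None (unknown) falls through, as on a normal host
        return False, "running inside a chroot"
    if not sshd_path:
        return False, "sshd not installed; continuing without it"
    return True, "starting fallback sshd from " + sshd_path


if __name__ == "__main__":
    # sshd normally lives in an sbin directory that may be missing from PATH.
    search = os.defpath + os.pathsep + "/usr/sbin" + os.pathsep + "/sbin"
    start, reason = fallback_sshd_decision(
        looks_like_chroot(),
        disabled_by_admin=False,
        sshd_path=shutil.which("sshd", path=search),
    )
    print(start, reason)
```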