[Bug 1560899] Re: sqlite triggers syscall error if run as root in snappy default confinement (fchown not allowed)
Alexander Sack
asac at ubuntu.com
Wed Mar 23 10:29:17 UTC 2016
subscribing ubuntu release. would like to see this considered for final
release still as sqlite is an often used components in snaps and with
this patch you can pull in the binary from the archive through the
convenient snapcraft stage-packages ...
patch should be safe as it basically just avoids a null op that in case
of snappy then gets the process killed for no reason (e.g. chown from 0
to 0 -> seccomp kicks in).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sqlite3 in Ubuntu.
https://bugs.launchpad.net/bugs/1560899
Title:
sqlite triggers syscall error if run as root in snappy default
confinement (fchown not allowed)
Status in sqlite3 package in Ubuntu:
New
Bug description:
Code currently tries to change user to uid if geteuid is root; this
call triggers fchown syscall exception in snappy.
Good news is that in snappy this call is a null op in theory as both
geteuid as well as uid are 0, so changing wouldnt do anything.
Fix is to not try to chown if geteuid is equal to uid (e.g. if it
would be a null op anyway). "Safe" patch should be:
Index: sqlite3-3.11.0/src/os_unix.c
===================================================================
--- sqlite3-3.11.0.orig/src/os_unix.c
+++ sqlite3-3.11.0/src/os_unix.c
@@ -497,7 +497,7 @@ static struct unix_syscall {
*/
static int robustFchown(int fd, uid_t uid, gid_t gid){
#if defined(HAVE_FCHOWN)
- return osGeteuid() ? 0 : osFchown(fd,uid,gid);
+ return osGeteuid() || osGeteuid() == uid ? 0 : osFchown(fd,uid,gid);
#else
return 0;
#endif
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1560899/+subscriptions
More information about the foundations-bugs
mailing list