[Bug 1906565] Re: traceback when running apport as non-root user

Brian Murray 1906565 at bugs.launchpad.net
Fri Dec 4 23:27:40 UTC 2020 

I installed the version of apport from groovy-proposed and there is no
longer a Traceback when running the test case.

Setting up python3-apport (2.20.11-0ubuntu50.3) ...
Setting up apport (2.20.11-0ubuntu50.3) ...
apport-autoreport.service is a disabled or a static unit, not starting it.
Processing triggers for systemd (246.6-1ubuntu1) ...
Processing triggers for man-db (2.9.3-2) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
bdmurray at clean-groovy-amd64:~$ python3 generate-sigsegv-crash.py cat
GNU gdb (Ubuntu 9.2-0ubuntu2) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from cat...
(No debugging symbols found in cat)
(gdb) Starting program: /usr/bin/cat 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ed3cb2 in __GI___libc_read (fd=0, buf=0x7ffff7837000, nbytes=131072) at ../sysdeps/unix/sysv/linux/read.c:26
26      ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
(gdb) warning: Memory read failed for corefile section, 4096 bytes at 0xffffffffff600000.
Saved corefile /tmp/tmpehzet8ma/my.core
(gdb) ERROR: apport (pid 3639) Fri Dec  4 15:25:32 2020: called for pid 3631, signal 11, core limit 0, dump mode 1
ERROR: apport (pid 3639) Fri Dec  4 15:25:32 2020: executable: /usr/bin/cat (command line "/usr/bin/cat")
ERROR: apport (pid 3639) Fri Dec  4 15:25:32 2020: gdbus call error: Error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name o
rg.gnome.SessionManager was not provided by any .service files

ERROR: apport (pid 3639) Fri Dec  4 15:25:32 2020: debug: session gdbus call: 
ERROR: apport (pid 3639) Fri Dec  4 15:25:32 2020: wrote report /tmp/tmpehzet8ma/_usr_bin_cat.1000.crash
(gdb) Kill the program being debugged? (y or n) [answered Y; input not from terminal]
[Inferior 1 (process 3631) killed]
(gdb) --- post-processing /tmp/tmpehzet8ma/_usr_bin_cat.1000.crash


** Tags removed: verification-needed-groovy
** Tags added: verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1906565

Title:
  traceback when running apport as non-root user

Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Xenial:
  Fix Committed
Status in apport source package in Bionic:
  Fix Committed
Status in apport source package in Focal:
  Fix Committed
Status in apport source package in Groovy:
  Fix Committed

Bug description:
  [Impact]
  The apport-test-crashes package, which is used to test the Error Tracker deployments, fails produce crash files for binary applications since "various security hardening fixes" were included in apport. The problematic change is the dropping of supplemental groups in data/apport. This results in a PermissionError as it is not the root user who is calling /usr/share/apport/apport.

  [Test Case]
  The least convulted test case involves using the generate-sigsegv-crash.py script from apport-test-crashes. This ends up using a command similar to '/usr/share/apport/apport -p 4077 -s 11 -E /usr/bin/gnome-calculator < /tmp/20.10-gnome-calculator.core' which then will encounter the Traceback.

  1) Comment out "check_lock()" in /usr/share/apport/apport (This is necessary as we are not running as root)
  2) Put a copy of generate-sigsegv-crash.py on disk.
  3) Run 'python3 /tmp/generate-sigsegv-crash.py cat'
  4) Observe the following Traceback:

  Traceback (most recent call last):
    File "/tmp/tmpvkt5d266/apport", line 599, in <module>
      drop_privileges(True)
    File "/tmp/tmpvkt5d266/apport", line 125, in drop_privileges
      os.setgroups([])
  PermissionError: [Errno 1] Operation not permitted

  With the version of apport from -proposed you'll receive no such
  Traceback.

  [Regression Potential]
  If there is an error in the python code we code see a new traceback for any and all crashes being generated, so ensure regular crash generation works too.

  apport-test-crashes code is here:
  https://code.launchpad.net/~daisy-pluckers/error-tracker-deployment/test-crashes/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1906565/+subscriptions

More information about the foundations-bugs mailing list