[Bug 1854237] Re: autopkgtests fail after security fixes

Launchpad Bug Tracker 1854237 at bugs.launchpad.net
Wed Mar 18 01:42:17 UTC 2020 

This bug was fixed in the package apport - 2.20.1-0ubuntu2.22

---------------
apport (2.20.1-0ubuntu2.22) xenial-security; urgency=medium

  [ Michael Hudson-Doyle ]
  * SECURITY REGRESSION: fix autopkgtest failures since recent security
    update (LP: #1854237)
    - Fix regression in creating report for crashing setuid process by getting
      kernel to tell us the executable path rather than reading
      /proc/[pid]/exe.
    - Fix deletion of partially written core files.
    - Fix test_get_logind_session to use new API.
    - Restore add_proc_info raising ValueError for a dead process.
    - Delete test_lock_symlink, no longer applicable now that the lock is
      created in a directory only root can write to.

  [ Tiago Stürmer Daitx ]
  * SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
    (LP: #1851806)
    - apport/report.py, apport/ui.py: use file descriptors for /proc/pid
      directory access only when running under python 3; prevent reading /proc
      maps under python 2 as it does not provide a secure way to do so; use
      io.open for better compatibility between python 2 and 3.
  * data/apport: fix number of arguments passed through socks into a container.
  * test/test_report.py: test login session with both pid and proc_pid_fd.
  * test/test_apport_valgrind.py: skip test_sandbox_cache_options if system
    has little memory.
  * test/test_ui.py: modify run_crash_kernel test to account for the fact that
    linux-image-$kvers-$flavor is now built from the linux-signed source
    package on amd64 and ppc64el. (LP: #1766740)

 -- Tiago Stürmer Daitx <tiago.daitx at ubuntu.com>  Thu, 27 Feb 2020
03:18:45 +0000

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1854237

Title:
  autopkgtests fail after security fixes

Status in Apport:
  New
Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Xenial:
  Fix Released
Status in apport source package in Bionic:
  Fix Released
Status in apport source package in Disco:
  New
Status in apport source package in Eoan:
  Fix Released

Bug description:
  The following autopkgtests fail after the recent security fixes:

  log:FAIL: test_get_logind_session (__main__.T)
  log:FAIL: test_core_dump_packaged (__main__.T)
  log:FAIL: test_core_dump_unpackaged (__main__.T)
  log:FAIL: test_crash_setuid_drop (__main__.T)
  log:FAIL: test_crash_setuid_keep (__main__.T)
  log:FAIL: test_crash_setuid_nonwritable_cwd (__main__.T)
  log:FAIL: test_lock_symlink (__main__.T)

  test_get_logind_session is a test failing to keep up with an API
  change. test_core_dump_* is failures to remove partly written core
  files. Both of these are easy fixes, I'll have a MP for them soon.

  test_crash_setuid_* are caused by the dropping of privileges when
  accessing the crashing process's /proc. They seem to be testing
  behaviour now explicitly forbidden by the fix to be honest!

  test_lock_symlink fails because the lock file is now always in
  /var/lock/apport/ and not in $APPORT_REPORT_DIR. I guess we could
  update the test, but is it really worth it after the fix?

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1854237/+subscriptions

More information about the foundations-bugs mailing list