[Bug 1881006] Autopkgtest regression report (livecd-rootfs/2.664.20)

Ubuntu SRU Bot 1881006 at bugs.launchpad.net
Tue Apr 13 18:10:15 UTC 2021 

All autopkgtests for the newly accepted livecd-rootfs (2.664.20) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

livecd-rootfs/2.664.20 (ppc64el)


Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-
migration/focal/update_excuses.html#livecd-rootfs

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1881006

Title:
  Incorrect ESP mount options

Status in cloud-images:
  New
Status in subiquity:
  New
Status in grub2 package in Ubuntu:
  New
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in ubiquity package in Ubuntu:
  New
Status in livecd-rootfs source package in Xenial:
  Fix Committed
Status in livecd-rootfs source package in Bionic:
  Fix Committed
Status in livecd-rootfs source package in Focal:
  Fix Committed
Status in livecd-rootfs source package in Groovy:
  Fix Committed

Bug description:
  [Impact]

   * For the affected images, the ESP is currently mounted with default
  (0755) permissions. This means anyone can read the ESP partition. This
  can cause security issues as sensitive data might be put in this
  partition[0]

  [Test Plan]

   * Build an uefi image from the ubuntu-cpc project in livecd-rootfs

   * Launch in KVM

   * Check `/etc/fstab` content

   * Check that mount options are reflected in 'mount' command output

   * Ensure a non-root user can not access /boot/efi

  [Where problems could occur]

   * Some users can have automation in place change the mount options.
  This change might break their automation. However, because this change
  is only related to the ESP partition, I don't think a lot of users
  would want to change the default settings.

   * All use cases requiring non-root user to read from this file system
  will be broken. However, given the content of this filesystem, this
  scenario is unlikely and the security benefits should justify this
  risk.

  [original description]

  Previously we decided that ESP should be mounted with umask=0077

  See

  https://git.launchpad.net/ubuntu/+source/partman-
  efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033

  https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183

  This is also documented in https://wiki.ubuntu.com/FSTAB

  However, in GCE instance /boot/efi is not mounted with umask=0077
  fstab is:

  LABEL=cloudimg-rootfs   /        ext4   defaults        0 0
  LABEL=UEFI      /boot/efi       vfat    defaults        0 0

  And in mount options are:
  (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

  fstab should be fixed to specify "umask=0077" instead of "defaults"
  for the ESP partition

  also zsys setup in ubiquity does weird explicit
  umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not
  sure where that got those options from.

  systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP
  mount

  I think subiquity is affected, as it does not set "options:
  'umask=0077'" on the /boot/efi mount in the storage specification.

  [0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1881006/+subscriptions

More information about the foundations-bugs mailing list