Forbidden sqlite3 system call

Alexander Sack asac at canonical.com
Wed Nov 25 15:49:43 UTC 2015


On Mon, Nov 23, 2015 at 5:08 PM, Simon Stürz <timonmailinglist at gmail.com> wrote:
> Hello everyone!
>
> I have been trying for quite a while to publish our IoT server guhIO in the snappy
> store. Unfortunately that was not possible so far
> because I had to use the security template "unconfined" (which is not a good
> idea, but made the development process easier).
>
> The service guhd is written in Qt and uses the sqlite3 lib to write a log
> database.
> Now the following happens:
> - The service starts as root
> - The service opens the database connection
> - The db will be created in the snappy app data path:
> /var/lib/apps/guhio.sideload/IGKUccPPYHOe/guhd.log
> - The whole service crashes if it tries to create the database with
> the following code:
>
>   QSqlQuery query;
>   query.exec("CREATE TABLE metadata (key varchar(10), data varchar(40));");
>
> So I checked the syslog:
>
> $ sudo snappy-debug.security scanlog
>
> = Seccomp =
> Time: Nov 23 12:35:33
> Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1307 comm="guhd"
> exe="/apps/guhio.sideload/IGKUccPPYHOe/usr/bin/guhd" sig=31 arch=40000028
> 207(fchown32) compat=0 ip=0x765fe836 code=0x0
> Syscall: fchown32
> Suggestions:
> * don't copy ownership of files (eg, use 'cp -r --preserve=mode' instead of
> 'cp -a')
> * adjust program to not use 'fchown32'
>
> The strange thing: this code works on all systems (Debian Wheezy, Jessie and
> Ubuntu 12.04 - 15.10 amd64, i386, armhf) except Ubuntu Core. :(
>
> So I tried to create the db file using QFile, changed the permissions (in
> the code) before calling the sqlquery command, everything worked until....
> query.exec(...) -> bad system call.
>
> What could cause this behaviour?
> The suggestion: "adjust program to not use 'fchown32'" would mean: not using
> sqlite3 for me...? That is not an option currently.
> Is there anybody else using sqlite3 + Qt in a snap?
> Is there a possibility to use security templates or AppArmor to solve this
> issue?
> Why is it forbidden to call fchown32() in the snap's own app data path? I
> understand that the call should be unnecessary, but forbidden?
>
> I hope you guys can help me! :)


Two things to start:

  1. security team audits if fchown32 can be allowed for all apps.
  2. if not let's try to understand why sqlite is doing fchown32 on a
query... did you see this in code? maybe it's code that only exists to
work around a scenario that can't happen on snappy systems and a clean
upstream patch can be made to?

CCing Jamie/Tyler for 1.



>
> Cheers,
> Simon
>
>
> --
> snappy-app-devel mailing list
> snappy-app-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snappy-app-devel
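
Added example (not part of the original messages and not code from snappy-debug): a small Python parser that decodes the seccomp audit record quoted in the scanlog output above, to confirm which syscall was denied, on which ABI, and that the process was killed by the filter. The sample string is constructed by joining the three "Log:" lines; the `syscall=NNN` branch assumes the raw kernel record form, which the page does not show.

```python
import re

# ELF e_machine numbers carried in the low 16 bits of the audit arch word.
EM_NAMES = {3: "i386", 40: "arm", 62: "x86_64", 183: "aarch64"}
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
SIGSYS = 31            # on arm and x86: signal raised when seccomp kills the caller
UNSET_ID = 0xFFFFFFFF  # auid value meaning "no login session" (e.g. a daemon)

# Constructed sample: the three "Log:" lines from the scanlog output, joined.
SAMPLE = ('auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1307 comm="guhd" '
          'exe="/apps/guhio.sideload/IGKUccPPYHOe/usr/bin/guhd" sig=31 '
          'arch=40000028 207(fchown32) compat=0 ip=0x765fe836 code=0x0')

def decode_arch(value):
    """Split an audit arch word into machine name, word size and endianness."""
    machine = EM_NAMES.get(value & 0xFFFF, "unknown(%d)" % (value & 0xFFFF))
    bits = 64 if value & AUDIT_ARCH_64BIT else 32
    endian = "little" if value & AUDIT_ARCH_LE else "big"
    return machine, bits, endian

def parse_seccomp_record(line):
    """Return the triage-relevant fields of one seccomp audit record."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    # scanlog prints "207(fchown32)"; raw kernel records use "syscall=207".
    annotated = re.search(r'(?<![=\w])(\d+)\((\w+)\)', line)
    if annotated:
        nr, name = int(annotated.group(1)), annotated.group(2)
    elif "syscall" in fields:
        nr, name = int(fields["syscall"]), None
    else:
        raise ValueError("no syscall number in record")
    return {
        "comm": fields["comm"].strip('"'),
        "exe": fields["exe"].strip('"'),
        "runs_as_root": int(fields["uid"]) == 0,
        "login_session": int(fields["auid"]) != UNSET_ID,
        "killed_by_seccomp": int(fields["sig"]) == SIGSYS,
        "arch": decode_arch(int(fields["arch"], 16)),
        "syscall_nr": nr,
        "syscall_name": name,
    }

if __name__ == "__main__":
    for key, value in parse_seccomp_record(SAMPLE).items():
        print("%-18s %s" % (key, value))
```

For the record above this reports a 32-bit little-endian ARM process running as root, killed with SIGSYS on syscall 207 (fchown32).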


