[Bug 1304657] Re: world writable files in /var/lib/apt/lists
Michael Vogt
michael.vogt at canonical.com
Wed Apr 9 07:39:42 UTC 2014
It appears that git commit 7335eebea6dd43581d4650a8818b06383ab89901
introduced the bug, i.e. the fchmod() call there. This was done in Tue
Aug 27 2013. Ironically it was meant to improve the security of apt by
replacing mktemp() with mkostemp() - oh well. No stable version of
ubuntu is affected (and none for Debian) - the change was introduced in
apt 0.9.11.2.
The issue is caused by the confusingly named paramter "Perm" in
FileFd::Open() which is not actually the Permission bits but the mode
bits of open(). So 666 means something entirely different here in
fchmod() than in open().
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1304657
Title:
world writable files in /var/lib/apt/lists
Status in “apt” package in Ubuntu:
In Progress
Bug description:
When performing installation audits, I noticed on the image from
2014-04-07 the following after a livecd install:
$ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
-rw-rw-rw- 1 root root 29759 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
-rw-rw-rw- 1 root root 0 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
-rw-rw-rw- 1 root root 1199 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
-rw-rw-rw- 1 root root 0 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages
This also happens on the server install from the same date:
$ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
-rw-rw-rw- 1 root root 1702199 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
-rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
-rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
-rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages
I installed the image from 2014-04-07, installed today and noticed the
above.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1304657/+subscriptions
More information about the foundations-bugs
mailing list