[Bug 1304657] Re: world writable files in /var/lib/apt/lists

Michael Vogt michael.vogt at canonical.com
Wed Apr 9 07:39:42 UTC 2014


It appears that git commit 7335eebea6dd43581d4650a8818b06383ab89901
introduced the bug, i.e. the fchmod() call there. This was done on Tue
Aug 27 2013. Ironically it was meant to improve the security of apt by
replacing mktemp() with mkostemp() - oh well. No stable version of
Ubuntu is affected (and none for Debian) - the change was introduced in
apt 0.9.11.2.

The issue is caused by the confusingly named parameter "Perm" in
FileFd::Open() which is not actually the Permission bits but the mode
bits of open(). So 666 means something entirely different here in
fchmod() than in open().

-- 
https://bugs.launchpad.net/bugs/1304657

Title:
  world writable files in /var/lib/apt/lists

Status in “apt” package in Ubuntu:
  In Progress

Bug description:
  When performing installation audits, I noticed on the image from
  2014-04-07 the following after a livecd install:

  $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
  -rw-rw-rw- 1 root root    29759 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
  -rw-rw-rw- 1 root root     1199 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages

  This also happens on the server install from the same date:
  $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
  -rw-rw-rw- 1 root root  1702199 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages

  I installed the image from 2014-04-07, installed today and noticed the
  above.
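
Added example (not apt's code and not the actual fix): the difference between passing 0666 to open() and to fchmod(), which is what the message above describes. mkstemp() stands in for mkostemp(), and the function names, /tmp paths and the masking shown in the last case are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or -1 on error. */
static int fd_perms(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* open(O_CREAT): the kernel stores (mode & ~umask), so 0666 is only a ceiling. */
int open_perms(mode_t mask, mode_t mode) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/perm-demo-open.%ld", (long)getpid());
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    umask(old);
    if (fd < 0) return -1;
    int p = fd_perms(fd);
    close(fd);
    unlink(path);
    return p;
}

/* Temp file (created 0600) followed by fchmod(): fchmod() ignores the umask.
 * apply_umask == 0 passes the open()-style mode straight through;
 * apply_umask == 1 masks it first, matching what open() would have produced. */
int fchmod_perms(mode_t mask, mode_t mode, int apply_umask) {
    char tmpl[] = "/tmp/perm-demo-tmp.XXXXXX";
    mode_t old = umask(mask);
    int fd = mkstemp(tmpl); /* stand-in for mkostemp() */
    umask(old);
    if (fd < 0) return -1;
    if (apply_umask) mode &= ~mask;
    int p = fchmod(fd, mode) == 0 ? fd_perms(fd) : -1;
    close(fd);
    unlink(tmpl);
    return p;
}

int main(void) {
    printf("open(0666), umask 022:          %04o\n", (unsigned)open_perms(022, 0666));
    printf("mkstemp + fchmod(0666):         %04o\n", (unsigned)fchmod_perms(022, 0666, 0));
    printf("mkstemp + fchmod(0666 & ~mask): %04o\n", (unsigned)fchmod_perms(022, 0666, 1));
    return 0;
}
```

The middle case yields the -rw-rw-rw- files listed in the bug description; the other two yield -rw-r--r-- under a 022 umask.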
