[Bug 1399914] Re: Tries to start sshd on port 1022 even in chroot, crashes if unable

Brian Murray brian at ubuntu.com
Mon Dec 8 19:32:33 UTC 2014


** Changed in: ubuntu-release-upgrader (Ubuntu)
       Status: New => Triaged

** Changed in: ubuntu-release-upgrader (Ubuntu)
   Importance: Undecided => Medium

** Tags added: vivid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1399914

Title:
  Tries to start sshd on port 1022 even in chroot, crashes if unable

Status in ubuntu-release-upgrader package in Ubuntu:
  Triaged

Bug description:
  When running do-release-upgrade inside a chroot, it insists on
  starting an emergency sshd on port 1022. If it’s not possible, for the
  likely reason that openssh-server is not installed inside the chroot,
  the upgrade process crashes.

  In a chroot environment, starting such an sshd is not needed because
  there’s supposed to be one outside the chroot which the upgrade
  process shouldn’t be able to affect; also it’s a security issue
  because permissions inside the chroot may be lax due to the fact one
  needs to be root to get into the chroot in the first place (for
  example, I have an Ubuntu chroot environment on a Debian stable server
  for experimenting; I’ve given my user sudo NOPASSWD privileges, which
  is in itself safe but becomes a liability when the port 1022 sshd
  launches inside the chroot).

  Given that the DistUpgrade module already has an inside_chroot()
  detection function, I suggest that the module only perform its
  _sshMagic() if no chroot is detected. Additionally, I suggest a
  command-line option to disable the port 1022 sshd if the administrator
  so desires.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: python3-distupgrade 1:14.10.9
  ProcVersionSignature: Ubuntu 3.16.0-25.33-generic 3.16.7
  Uname: Linux 3.16.0-25-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: i386
  CrashDB: ubuntu
  CurrentDesktop: KDE
  Date: Sat Dec  6 13:27:54 2014
  PackageArchitecture: all
  SourcePackage: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to utopic on 2014-11-30 (5 days ago)
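
The guard proposed in the description, as an added example that is not part of the bug report and is not ubuntu-release-upgrader's code. The names `detect_chroot` and `emergency_sshd_decision`, the `--no-emergency-sshd` flag, the `/proc/1/root` comparison and the choice to skip the listener when chroot status cannot be determined are all assumptions of this example.

```python
import argparse
import os
import shutil


def detect_chroot(stat=os.stat):
    """Heuristic stand-in for a chroot check (not DistUpgrade's inside_chroot()).

    Compares device and inode of "/" with the root directory of PID 1.
    Returns True/False, or None when /proc/1/root cannot be examined
    (for example /proc is not mounted, or the caller is not root).
    """
    try:
        ours, init = stat("/"), stat("/proc/1/root")
    except OSError:
        return None
    return (ours.st_dev, ours.st_ino) != (init.st_dev, init.st_ino)


def emergency_sshd_decision(in_chroot, disabled, sshd_path):
    """Return (start, reason) for the fallback sshd on port 1022."""
    if disabled:
        return False, "disabled by administrator"
    if in_chroot is None:
        # Assumption of this example: do not open a listener when unsure.
        return False, "chroot status unknown"
    if in_chroot:
        return False, "running inside a chroot"
    if sshd_path is None:
        # Skip and continue the upgrade instead of crashing.
        return False, "sshd not installed"
    return True, "starting fallback sshd"


def build_parser():
    parser = argparse.ArgumentParser(prog="upgrade-example")
    parser.add_argument("--no-emergency-sshd", action="store_true",
                        help="never start the fallback sshd on port 1022")
    return parser


if __name__ == "__main__":
    args = build_parser().parse_args()
    sshd = shutil.which("sshd", path="/usr/sbin:/sbin")
    start, reason = emergency_sshd_decision(
        detect_chroot(), args.no_emergency_sshd, sshd)
    print("fallback sshd:", "start" if start else "skip", "-", reason)
```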
