[Bug 1732518] Re: Please re-enable container support in apport
Stéphane Graber
stgraber at stgraber.org
Wed Nov 15 23:05:00 UTC 2017
As for the forwarding issue, there is a check now in place to prevent
such things from happening in the future, that's the argument check in
the receiver.
For the case where a user is running the pre-security upload version of
apport in a container and this post-security upload version on the host,
then the container will indeed receive one more argument than it needs
but I don't think there's much we can do about this.
In this case, the host would send "<pid> <signal> <ulimit> <dump mode>" to the container.
The container would then set its sys.argv to match, effectively putting the dump mode as the global pid.
This is obviously not going to work well and will result in apport crashing in the container.
As far as I can tell this isn't exploitable and will get resolved as soon as the container is upgraded. The check I put in place will prevent this from happening again and once we get named arguments, the problem will go away for good while retaining backward compatibility.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1732518
Title:
Please re-enable container support in apport
Status in apport package in Ubuntu:
Triaged
Status in apport source package in Xenial:
Triaged
Status in apport source package in Zesty:
Triaged
Status in apport source package in Artful:
Triaged
Status in apport source package in Bionic:
Triaged
Bug description:
The latest security update for apport disabled container crash
forwarding, this is a feature which users do rely on in production and
while it may have been appropriate to turn it off to put a security
update out, this needs to be re-enabled ASAP.
I provided a patch which fixed the security issue before the security
issue was publicly disclosed so pushing an SRU to all Ubuntu releases
re-enabling this code should be pretty trivial.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1732518/+subscriptions
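The version mismatch described in the message above, as an added Python example (not apport's code and not part of the original message). The field names, the legacy receiver's handling of a fourth positional value, and the key=value wire format for named arguments are assumptions made for illustration.

```python
# Added illustration, not apport's code. Field names, layouts and the
# key=value wire format are assumptions based on the message above.
OLD_FIELDS = ("pid", "signal", "ulimit")        # what a pre-update receiver needs
NEW_FIELDS = OLD_FIELDS + ("dump_mode",)        # what the post-update host sends


def legacy_receive(payload):
    """No arity check: a surplus 4th positional lands in the global-pid slot."""
    args = payload.split()
    parsed = dict(zip(OLD_FIELDS, args))
    if len(args) > len(OLD_FIELDS):
        parsed["global_pid"] = args[len(OLD_FIELDS)]
    return parsed


def checked_receive(payload, fields=NEW_FIELDS):
    """Positional format guarded by a receiver-side argument check."""
    args = payload.split()
    if len(args) != len(fields):
        raise ValueError("expected %d arguments, got %d" % (len(fields), len(args)))
    if not all(a.isdigit() for a in args):
        raise ValueError("non-numeric argument")
    return dict(zip(fields, map(int, args)))


def named_receive(payload, known=NEW_FIELDS):
    """Named arguments: unknown keys are skipped, missing known keys rejected."""
    pairs = dict(item.split("=", 1) for item in payload.split())
    missing = [k for k in known if k not in pairs]
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    if not all(pairs[k].isdigit() for k in known):
        raise ValueError("non-numeric argument")
    return {k: int(pairs[k]) for k in known}


if __name__ == "__main__":
    host_msg = "1234 11 0 1"  # constructed sample: <pid> <signal> <ulimit> <dump mode>
    print("legacy :", legacy_receive(host_msg))    # dump mode misread as global pid
    print("checked:", checked_receive(host_msg))
    # A receiver that only knows the old fields still parses a newer named message.
    print("named  :", named_receive("pid=1234 signal=11 ulimit=0 dump_mode=1", OLD_FIELDS))
```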