[Bug 1867537] Re: 10-link-restrictions.conf missing - removed by postinst

Peter White 1867537 at bugs.launchpad.net
Tue Sep 14 18:02:04 UTC 2021 

Just found this, because I also noticed the debsums error. A quick look in the changelog finds this:
> procps (2:3.3.16-1ubuntu1) focal; urgency=low
> [...]
>   * Dropped changes, no longer needed:
>     ...
>     - 10-link-restrictions.conf: this is redundant with link-protect.conf
>       from Debian.
>   * debian/procps.maintscript: handle migration of link-protect.conf from
>     /etc to /usr.
>
>  -- Steve Langasek <steve.langasek at ubuntu.com>  Thu, 13 Feb 2020 22:53:02 -0800

But apparently that file never arrived downstream? Neither find /usr ...
nor apt-file search can find it. Having had a look at the contents of
said file by opening the .deb archive has me a bit worried:

> # These settings eliminate an entire class of security vulnerability:
> # time-of-check-time-of-use cross-privilege attacks using guessable
> # filenames (generally seen as "/tmp file race" vulnerabilities).

This could very well warrant a bump in severity, given there are
security implications.

A simple workaround is to just copy that file manually into
/etc/sysctl.d under a different name, so postinst can't find it, should
it try to murder it again. :P Of course it won't solve the debsums error
but it solves the bigger problem of the file missing entirely.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1867537

Title:
  10-link-restrictions.conf missing - removed by postinst

Status in procps package in Ubuntu:
  Confirmed

Bug description:
  The file "10-link-restrictions.conf" is listed in DEBIAN/conffiles in
  the binary deb package, and the file is present/installed, but it is
  removed by the "postinst" script resulting in "debsums" flagging it as
  a missing config file:

  root at beluga:~# lsb_release -d
  Description:	Ubuntu Focal Fossa (development branch)
  root at beluga:~# apt policy procps
  procps:
    Installed: 2:3.3.16-1ubuntu2
    Candidate: 2:3.3.16-1ubuntu2
    Version table:
   *** 2:3.3.16-1ubuntu2 500
          500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages
          100 /var/lib/dpkg/status
  root at beluga:~# debsums -ac procps
  debsums: missing file /etc/sysctl.d/10-link-restrictions.conf (from procps package)

  This is not an issue in 18.04:

  manager at brigante:~$ lsb_release -d
  Description:	Ubuntu 18.04.4 LTS
  manager at brigante:~$ apt policy procps
  procps:
    Installed: 2:3.3.12-3ubuntu1.2
    Candidate: 2:3.3.12-3ubuntu1.2
    Version table:
   *** 2:3.3.12-3ubuntu1.2 500
          500 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       2:3.3.12-3ubuntu1.1 500
          500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
       2:3.3.12-3ubuntu1 500
          500 http://it.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  manager at brigante:~$ debsums -ac procps

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1867537/+subscriptions

More information about the foundations-bugs mailing list