[Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions

Robie Basak 2020913 at bugs.launchpad.net
Wed Jul 12 11:24:19 UTC 2023 

I discussed this with Sergio elsewhere and we concluded that we don't
want to change behaviour in Jammy to opt users in to start automatically
reaching debuginfod.ubuntu.com without further discussion. So for this
bug, we'll consider the issue to be simply that if the user configures a
server in /etc/debuginfod/, then the installed profile snippets won't
pick it up so that won't work. Sergio will update the User Impact, Test
Plan etc and then we'll be able to fix and validate this on that basis.

Changing behaviour in Jammy by opting users in to debuginfod.ubuntu.com
by default would then be a separate discussion and (if necessary)
tracked in a separate bug.

** Changed in: elfutils (Ubuntu Jammy)
       Status: In Progress => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to elfutils in Ubuntu.
https://bugs.launchpad.net/bugs/2020913

Title:
  /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions

Status in elfutils package in Ubuntu:
  Fix Released
Status in elfutils source package in Jammy:
  Incomplete

Bug description:
  [ Impact ]

  Users installing libdebuginfod-common (the package that ships the
  shell snippets responsible for configuring the DEBUGINFOD_URLS
  environment variable, which will ultimately be used by GDB to contact
  the Ubuntu debuginfod service) experience a problem caused by
  permissions being set too tightly for
  /etc/profile.d/debuginfod.{sh,csh}.  This results in DEBUGINFOD_URLS
  not being set for non-root users.

  [ Test Plan ]

  Inside a Jammy container:

  # apt install -y libdebuginfod-common
  # ls -lah /etc/profile.d/debuginfod*

  Verify that the permission of both files allow them to be world-
  readable.

  [ Where problems could occur ]

  Care has been taken to not modify existing file permissions
  unnecessarily by using "g+r,o+r" when invoking chmod, but it is still
  possible to conceive a scenario where upgrading the package would make
  the files world-readable when the user is actually expecting
  otherwise.  However, such "regression" would arguably not be something
  supported because if the intention is to prevent non-root users from
  making use of debuginfod, there are better ways to achieve it.

  [ Original Description ]

  In a fresh container, installing libdebuginfod-common gives a
  /etc/profile.d that looks like this:

  ```
  root at 32f34f7e271e:/etc/profile.d# ls -lah
  total 24K
  drwxr-xr-x 1 root root 4.0K May 26 17:23 .
  drwxr-xr-x 1 root root 4.0K May 26 17:23 ..
  -rw-r--r-- 1 root root   96 Oct 15  2021 01-locale-fix.sh
  -rw------- 1 root root  677 May 26 17:23 debuginfod.csh
  -rw------- 1 root root  692 May 26 17:23 debuginfod.sh

  ```

  when I login as a nonprivledged user, DEBUGINFOD_URLS is not set
  because the permissions are incorrect on the profile files.

  ```
  # dpkg -l  | grep libdebug
  ii  libdebuginfod-common    0.186-1build1                           all          configuration to enable the Debian debug info server
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions

More information about the foundations-bugs mailing list