[Bug 2043711] Re: Open3.pm tries to run code in /tmp when updating ubuntu-drivers-common

Alex Murray 2043711 at bugs.launchpad.net
Mon Nov 20 00:17:15 UTC 2023 

I am struggling to see the vulnerability here still - the path used in
this case is /tmp/ubuntu-drivers-common.config.55GJ8b appears to have a
randomly generated suffix and so couldn't have been guessed beforehand
nor preseeded with other contents by a local attacker - so the only way
then that I can see that this could be a vulnerability would be if this
file was world-writable - but it is not clear that this is the case
either.

Assuming this file comes from debconf, from what I can see in its
sources, it creates temporary files via the
https://perldoc.perl.org/File::Temp package - which states that files
are created with permissions 0600 by default too.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to perl in Ubuntu.
https://bugs.launchpad.net/bugs/2043711

Title:
  Open3.pm tries to run code in /tmp when updating ubuntu-drivers-common

Status in perl package in Ubuntu:
  Invalid

Bug description:
  During update of ubuntu-drivers-common:

    Can't exec "/tmp/ubuntu-drivers-common.config.55GJ8b": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1.
  open2: exec of /tmp/ubuntu-drivers-common.config.55GJ8b configure 1:0.9.6.2~0.22.04.4 failed: Permission 
    denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
    Preconfiguring packages ...
    Can't exec "/tmp/ubuntu-drivers-common.config.uSPrCH": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1.
    open2: exec of /tmp/ubuntu-drivers-common.config.uSPrCH configure 1:0.9.6.2~0.22.04.4 failed: Permission 
    denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.

  /tmp is mounted with noexec because running code from /tmp has been a
  vulnerability vector for several decades, hence reporting this as a
  vulnerability in perl-base.

  This error did not appear to prevent the update of ubuntu-drivers-
  common and "dpkg --verify ubuntu-drivers-common" returns 0.

  ___________________________________________________________________________________________________________

  Attempting to use the package search on this form by clicking the 🔍
  created a modal in which there is an error

    Sorry, something went wrong with your search. We've recorded what
  happened, and we'll fix it as soon as possible. (Error ID:
  OOPS-c80f71590b02908a1187b9f743c53eac)

  which is repeated with any attempt to search for a package.

  ___________________________________________________________________________________________________________

  Submitting this form gives an error

    "perl-base" does not exist in Ubuntu. Please choose a different
  package. If you're unsure, please select "I don't know"

    $ dpkg -S /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm
    perl-base: /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm
    $ dpkg -l perl-base
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name           Version           Architecture Description
    +++-==============-=================-============-=============================>
    ii  perl-base      5.34.0-3ubuntu1.2 amd64        minimal Perl system

  Looks like a package to me. Nevertheless, using "Did you mean..."
  offers "perl".

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: perl-base 5.34.0-3ubuntu1.2
  ProcVersionSignature: Ubuntu 6.5.0-1007.7-oem 6.5.3
  Uname: Linux 6.5.0-1007-oem x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Nov 16 10:08:48 2023
  InstallationDate: Installed on 2016-04-23 (2763 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  ProcEnviron:
   TERM=rxvt
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: perl
  UpgradeStatus: Upgraded to jammy on 2022-08-19 (453 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2043711/+subscriptions

More information about the foundations-bugs mailing list