[Bug 2099811] Re: Os-prober segmentation fault one message for each partition on same PC

Mon Mar 3 23:25:12 UTC 2025

So the problem with Alex's fix is that it makes a default allow profile
available on the default install. Which is a security hole unless the
apparmor_restrict_unprivileged_unconfined restriction is enabled, by
default.

We tolerate the sbuild profile because it is not installed by default,
and it really needs very broad privileges to work. Just like lxd etc
installing it is assumed to accept some risk.

On plucky we are trying to have
apparmor_restrict_unprivileged_unconfined enabled by default but it is
one of the features that had to be reverted on previous releases. The
restriction is also currently disabled by LXD, meaning the default allow
os-prober profile becomes an attack vector if the machine has LXD.

In the current default state on plucky we should be okay, so I am not
opposed to making this public. But we also need to be aware that there
are potential security concerns.

For now lets run with Alex's fix. The AppArmor team will look into
developing a tighter os-prober profile than Alex's fix, so we have that
available if needed.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to os-prober in Ubuntu.
https://bugs.launchpad.net/bugs/2099811

Title:
  Os-prober segmentation fault one message for each partition on same PC

Status in apparmor package in Ubuntu:
  Confirmed
Status in os-prober package in Ubuntu:
  Confirmed

Bug description:
  Reporting this bug on os-prober, my bug https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2099662
  was incorrectly attributed to grub

  corrado at corrado-n3-pp-0223:~$ sudo os-prober
  [sudo] password for corrado: 
  find: Failed to restore initial working directory: /home/corrado: Permission denied
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  corrado at corrado-n3-pp-0223:~$ 

  Attaching related journal

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: os-prober 1.83ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Feb 23 15:46:27 2025
  InstallationDate: Installed on 2025-02-23 (0 days ago)
  InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Daily amd64 (20250223)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: os-prober
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2099811/+subscriptions