Package: schroot Version: 1.6.3-1 Severity: serious Tags: security Justification: Security violation and potential for dataloss
Originally reported here: https://bugs.launchpad.net/ubuntu/+source/schroot/+bug/1070008 Calling --recover-session on a session using an LVM snapshot, it remounts using the original LV rather than the snapshot LV. This is due to this check failing: sbuild::chroot_block_device_base::set_device(): /// @todo: This may not be appropriate for derived classes such as /// lvm_snapshot, since re-setting the device could overwrite the /// mount device. chroot_facet_mountable::ptr pmnt (get_facet<chroot_facet_mountable>()); #ifdef SBUILD_FEATURE_LVMSNAP if (!dynamic_cast<chroot_lvm_snapshot *>(this)) #endif pmnt->set_mount_device(this->device); This is due to the use of dynamic_cast<> in this method. This is not in itself wrong, but because this method is called from the constructor, the dynamic_cast<> returns null due to the vptr not yet having any knowledge of the derived class--it will work fine once the base class is constructed. This was already commented in several places to refactor to clean this up, but the presence of this issue will require this to be done immediately. I've tagged this security due to the potential for a user to access the original source chroot. However, the scope is relatively limited since the filesystem permissions will prevent them from doing anything they should not (unless you granted them root access, in which case they already had the ability to do this). Regards, Roger -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32.33-kvm-i386-20111128-dirty (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages schroot depends on: ii libboost-filesystem1.49.0 1.49.0-3.1 ii libboost-iostreams1.49.0 1.49.0-3.1 ii libboost-program-options1.49.0 1.49.0-3.1 ii libboost-regex1.49.0 1.49.0-3.1 ii libboost-system1.49.0 1.49.0-3.1 ii libc6 2.13-35 ii libgcc1 1:4.7.1-7 ii liblockdev1 1.0.3-1.5 ii libpam0g 1.1.3-7.1 ii libstdc++6 4.7.1-7 ii libuuid1 2.20.1-5.2 ii schroot-common 1.6.3-1 schroot recommends no packages. Versions of packages schroot suggests: pn aufs-modules | unionfs-modules <none> pn btrfs-tools <none> ii debootstrap 1.0.42 pn lvm2 <none> pn qemu-user-static <none> -- Configuration Files: /etc/schroot/schroot.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

