Control: tags -1 - moreinfo

On Tue, 14 Jan 2020 20:24:51 -0500 Calum McConnell wrote:

> Sorry about taking so long to get back to you: I have been really busy
> recently.

No problem, I got ill immediately afterwards!  :-/

But now, I finally found some time to spend on investigating this bug.
I have mixed news for you.

[...]
> > First of all: it seems to me that you have firefox-esr unpacked, but
> > not configured. In other words, firefox-esr does not seem to be
> > properly installed on your system:
> > 
> > [from System Information in your bug report...]
> > > iu  firefox-esr [www-browser]  68.4.1esr-1
> > [...]
> > 
> > This could be responsible for a number of errors you encounter, when
> > trying to start firefox...
> 
> Okay.  I did test a bit, and firefox is definatly working: so if its
> not unpacked, then somthing weird is going on...

Did you fix the installation status of firefox-esr?
What's the output of the command

  $ dpkg -l | grep firefox

on your system, now?

As explained below, this is not the cause of your errors, but something
to be fixed anyway...

> 
> > I guess xdg-open (internally used by querybts to find a browser)
> > eventually selected a text browser, such as lynx or w3m:
> 
> It did.  I think the errors made that more clear: I'm setting up a
> controlled test to capture a few.
[...]

Now I managed to reproduce the issue, at least with a bunch of similar
errors from firefox (including dialog windows to click into).
The key point is that you are using "sudo" to become root, while I use
"su -", thus missing one subtle difference.

Your controlled test was useful in clarifying what you experienced.
Thanks for taking the time to transcript it (and comment it!).

So, without further ado, what happened?

 • regular user calls sudo to run apt as root
 • apt calls apt-listbugs
 • apt-listbugs invokes s6-setuidgid to drop root privileges and run
   querybts as the original regular user
 • querybts wants to invoke a browser and calls xdg-open on the URL

The key difference between "sudo" and "su -" is that "sudo" preserves
the DISPLAY (and XAUTHORITY) environment variables, while "su -" does
not.
You can compare it by yourself:

  $ sudo env > /tmp/sudo_env
  $ su -
  # env > /tmp/su_-_env
  $ egrep 'DISPLAY|XAUTHORITY' /tmp/su*env

Why is this subtle difference important?
Because xdg-open checks whether DISPLAY is set, in order to decide to
try graphical browsers.
sensible-browsers does the same (and is even more ready to surrender,
in case of errors...).

So xdg-open tries a graphical browser such as firefox (if present), but
firefox cannot access the user's profile, since it's being run within
s6-setuidgid ...

OK, I think I shared enough of my headache!   ;-)

Please note that I reduced the steps to reproduce the issue to just:

  $ sudo s6-setuidgid MYREGULARUSER xdg-open http://bugs.debian.org/948697

where MYREGULARUSER should be replaced by your regular username.


I am now trying to find a way to solve, or, at least, mitigate this
issue (which also affects the "w" option of the apt-listbugs prompt,
when inside an "sudo" session...).


Of course, I could completely drop these features, so that apt-listbugs
will no longer be able to invoke querybts or to launch a browser.
After all, there are other, more comfortable, ways to read bug logs.
Usually, if you are already in a graphical session, you can start your
favorite browser and copy and paste the bug numbers there. This can
perhaps be possible even when switching between text consoles...

But I think there are situations where these strategies are not
available. Maybe you are stuck in a single text console, and no other
means to access the web...
As a consequence, I would like to keep these features, although I
should probably document that they should be regarded as "last resort"
approaches...


I could drop the s6-setuidgid trick (which will be replaced by
setpriv in the next version of apt-listbugs, which is however
equivalent). But running querybts or a browser as root is not a good
idea, security-wise, and should hence be avoided, wherever possible.
So, no, I would like to keep the root privilege dropping mechanism, to
the maximum possible extent.


Maybe apt-listbugs could drop the DISPLAY enviroment variable before
invoking querybts or any browser.
The equivalent of 

  $ sudo env -u DISPLAY -u XAUTHORITY s6-setuidgid MYREGULARUSER xdg-open 
http://bugs.debian.org/948697

which directly chooses a text browser, which many less needs than
firefox!
I acknowledge that this is not a perfect workaround, but, at least, it
seems to reduce to the more minimalist situations, where the features
are really needed...

Let me think about it some more (and feel free to express your
thoughts!).


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpA5vs9zDeCV.pgp
Description: PGP signature

Reply via email to