[Touch-packages] [Bug 1434121] Re: if-up might fail when triggered before temporary directory available

Thu, 07 May 2015 13:36:11 -0700 

** Tags added: trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1434121

Title:
  if-up might fail when triggered before temporary directory available

Status in ifupdown package in Ubuntu:
  New

Bug description:
  It seems that if-up.d is activated before any temporary directory is
  available. On affected setup that caused a bash here-tag to fail, thus
  security settings were not applied to the interface leaving it open to
  attacks.

  Documentation seems to be unclear, if any script should expect, that
  temporary directory would work.  At least here it was quite unexpected
  that data processing in scripts without explicit request for disk
  operation failed due to that.

  In my opinion, a CAVEAT in the interfaces (5) documentation might be
  sufficient in most cases.

  A workaround for the affected setup was to create a separate temporary
  directory on /var/run (which is a tmpfs instance) and export it using
  TEMPDIR.

  
  To reproduce:

  cat <<OUTEREOF > /etc/network/if-up.d/aaa-early
  #!/bin/bash

  echo "mounts"
  cat /proc/mounts
  echo "touch"
  touch /tmp/xxx
  cat <<EOF
  Here document test
  EOF
  echo "mounts again"
  cat /proc/mounts
  OUTEREOF
  chmod 0755 /etc/network/if-up.d/aaa-early

  
  touch /forcefsck
  reboot

  # cat /var/log/upstart/network-interface-eth0.log

  mounts
  ...
  tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=24784k,mode=755 0 0
  /dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 
ro,relatime,data=ordered 0 0
  ...
  touch
  touch: cannot touch '/tmp/xxx': Read-only file system
  /etc/network/if-up.d/aaa-early: line 7: cannot create temp file for 
here-document: Read-only file system
  mounts again
  ...
  /dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 
ro,relatime,data=ordered 0 0
  ...

  
  # lsb_release -rd
  Description:    Ubuntu 14.04.2 LTS
  Release:        14.04

  # apt-cache policy ifupdown
  ifupdown:
    Installed: 0.7.47.2ubuntu4.1
    Candidate: 0.7.47.2ubuntu4.1
    Version table:
   *** 0.7.47.2ubuntu4.1 0
          500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ 
trusty-updates/main i386 Packages
          100 /var/lib/dpkg/status
       0.7.47.2ubuntu4 0
          500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty/main 
i386 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1434121/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to