[Bug 2039217] [NEW] python apt Cache(memonly=True) does not behave as if memonly.

Tue, 24 Oct 2023 09:08:14 -0700 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Eduardo Barretto 
(ebarretto):

When I use the python constructor for apt.Cache with a rootdir=/mnt/host
(which is mounted read-only) and memonly=True, it isn't behaving as if
it's memonly. It's trying to create directories on the mounted system.

Here's my stack: (note, python click module takes up a bit of the top of
the stack)

```
Collecting apt-based metrics...
Traceback (most recent call last):
  File "./restart_check.py", line 165, in <module>
    _main()
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1157, in 
__call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1078, in 
main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1434, in 
invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 783, in 
invoke
    return __callback(*args, **kwargs)
  File "./restart_check.py", line 139, in _main
    cache = apt.cache.Cache(rootdir=root_dir, memonly=True)
  File "/usr/lib/python3/dist-packages/apt/cache.py", line 161, in __init__
    self._check_and_create_required_dirs(rootdir)
  File "/usr/lib/python3/dist-packages/apt/cache.py", line 201, in 
_check_and_create_required_dirs
    os.makedirs(rootdir + d)
  File "/usr/lib/python3.8/os.py", line 213, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib/python3.8/os.py", line 213, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
OSError: [Errno 30] Read-only file system: '/mnt/host/var'
```

Why are those create-dir calls not protected from the memonly flag? Are
they truly needed to be able to set up the cache?

Ya know what, this could be a security vulnerability, making writes to a
system that was supposed to be treated as read-only, particularly for
those that mounted to a disk in a non-read-only way. memonly is not as
advertised.

** Affects: python-apt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
python apt Cache(memonly=True) does not behave as if memonly.
https://bugs.launchpad.net/bugs/2039217
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to