gufw-developers team mailing list archive

Thread
Date

Re: [Bug 1581944] Re: "Firewall enabled" message: but not. (/lib has wrong ownership)

To: gufw-developers@xxxxxxxxxxxxxxxxxxx
From: costales <1581944@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 May 2016 17:03:36 -0000
Reply-to: Bug 1581944 <1581944@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I think is a system issue, not a gufw issue.
Best regards.
--
Sent using Dekko from my Ubuntu device

-- 
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1581944

Title:
  "Firewall enabled" message: but not. (/lib has wrong ownership)

Status in Gufw:
  Invalid

Bug description:
  I noticed this issue using the Raspberry Pi Ubuntu Mate Image:

  $ sha1sum ubuntu-mate-15.10.3-desktop-armhf-raspberry-pi-2.img
  2c7e349e5adb37dd0a98adb8d2bd8edcdf79c38a  ubuntu-mate-15.10.3-desktop-armhf-raspberry-pi-2.img

  I haven't tried this on other images/architecture - but it seems to me
  that the Firewall Applet GUI in Mate is not correctly verifying
  whether the Firewall is *really* enabled; and this will likely apply
  to any architecture/image.

  The Raspberry Pi image above (I guess incorrectly?) happens to install
  the '/lib' directory with non-root ownership, and additionally has
  group-write permissions: I am *not* reporting that issue here: I'm
  reporting the downstream problem with the Firewall UI given this fact.

  The upshot is: if you use the GUI Firewall Applet to enable the
  Firewall: the Firewall reports back that it is enabled; but then
  running a commandline check:

      sudo ufw status

  Shows that it is not: and reports back the issue with the /lib
  ownership/permissions:

      WARN: uid is 0 but '/lib' is owned by 1000
      WARN: /lib is group writeable!
      Status: inactive

  Closing the Firewall Applet and re-opening it confirms this.
  But to a normal Desktop user: the Firewall Applet has reported back that all is well; it gives the end-user a false impression that their Firewall is enabled, but it is not: it should check (or display the errors that the commandline version 'ufw' does?)

  I fixed this on my system; by issuing the following and retrying - the
  Firewall Applet then correctly enables the Firewall.

          sudo chown root:root /lib
  	sudo chmod g-w /lib

  (And I checked in both cases that the 'ufw status' is telling the
  truth; by attempting to 'break-in' to the Firewall from another
  machine)

  I am attaching a few screenshots and textfiles showing this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1581944/+subscriptions

References

[Bug 1581944] [NEW] "Firewall enabled" message: but not. (/lib has wrong ownership)
From: JPW, 2016-05-15
[Bug 1581944] Re: "Firewall enabled" message: but not. (/lib has wrong ownership)
From: JPW, 2016-05-16