touch-packages team mailing list archive

Thread
Date

[Bug 1500541] Re: apport-retrace crashed with IOError in main: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Brian Murray <brian@xxxxxxxxxx>
Date: Mon, 28 Sep 2015 21:06:01 -0000
Reply-to: Bug 1500541 <1500541@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is also fall out of the following change:

    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i. e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same same. Thanks to halfdog for discovering
      this! (CVE-2015-1338, LP: #1492570)

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1338

** Changed in: apport (Ubuntu)
       Status: New => Triaged

** Information type changed from Private to Public

** Tags added: rls-w-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1500541

Title:
  apport-retrace crashed with IOError in __main__: [Errno 13] Permission
  denied: '_usr_bin_Xorg.0.crash'

Status in apport package in Ubuntu:
  Triaged

Bug description:
  apport did not have the permissions to read the crash report in
  /var/crash, since I ran it as unpriviledged user.

  I think apport   could handle this more gracefully :)

  ProblemType: Crash
  DistroRelease: Ubuntu 15.10
  Package: apport-retrace 2.19-0ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-11.13-generic 4.2.1
  Uname: Linux 4.2.0-11-generic x86_64
  ApportLog: Error: [Errno 13] Keine Berechtigung: '/var/log/apport.log'
  ApportVersion: 2.19-0ubuntu1
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Mon Sep 28 19:22:10 2015
  ExecutablePath: /usr/bin/apport-retrace
  InstallationDate: Installed on 2013-01-08 (993 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  InterpreterPath: /usr/bin/python2.7
  JournalErrors:
   No journal files were found.
   -- No entries --
  PackageArchitecture: all
  ProcCmdline: /usr/bin/python /usr/bin/apport-retrace _usr_bin_Xorg.0.crash
  PythonArgs: ['/usr/bin/apport-retrace', '_usr_bin_Xorg.0.crash']
  SourcePackage: apport
  Title: apport-retrace crashed with IOError in __main__: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'
  Traceback:
   Traceback (most recent call last):
     File "/usr/bin/apport-retrace", line 405, in <module>
       out = open(options.report, 'wb')
   IOError: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: audio bluetooth colord disk fuse games libvirtd operator pulse sudo syslog users vboxusers video whoopsie wireshark

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1500541/+subscriptions

touch-packages team mailing list archive

[Bug 1500541] Re: apport-retrace crashed with IOError in __main__: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'

[Bug 1500541] Re: apport-retrace crashed with IOError in main: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'