touch-packages team mailing list archive
Message #76657
[Bug 1434121] Re: if-up might fail when triggered before temporary directory available
** Tags added: trusty
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1434121
Title:
if-up might fail when triggered before temporary directory available
Status in ifupdown package in Ubuntu:
New
Bug description:
It seems that if-up.d is activated before any temporary directory is
available. On the affected setup that caused a bash here-tag to fail, thus
security settings were not applied to the interface, leaving it open to
attacks.
Documentation seems to be unclear on whether any script should expect that
a temporary directory would work. At least here it was quite unexpected
that data processing in scripts without an explicit request for disk
operation failed due to that.
In my opinion, a CAVEAT in the interfaces (5) documentation might be
sufficient in most cases.
A workaround for the affected setup was to create a separate temporary
directory on /var/run (which is a tmpfs instance) and export it using
TEMPDIR.
To reproduce:
cat <<OUTEREOF > /etc/network/if-up.d/aaa-early
#!/bin/bash
echo "mounts"
cat /proc/mounts
echo "touch"
touch /tmp/xxx
cat <<EOF
Here document test
EOF
echo "mounts again"
cat /proc/mounts
OUTEREOF
chmod 0755 /etc/network/if-up.d/aaa-early
touch /forcefsck
reboot
# cat /var/log/upstart/network-interface-eth0.log
mounts
...
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=24784k,mode=755 0 0
/dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0
...
touch
touch: cannot touch '/tmp/xxx': Read-only file system
/etc/network/if-up.d/aaa-early: line 7: cannot create temp file for here-document: Read-only file system
mounts again
...
/dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0
...
# lsb_release -rd
Description: Ubuntu 14.04.2 LTS
Release: 14.04
# apt-cache policy ifupdown
ifupdown:
Installed: 0.7.47.2ubuntu4.1
Candidate: 0.7.47.2ubuntu4.1
Version table:
*** 0.7.47.2ubuntu4.1 0
500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty-updates/main i386 Packages
100 /var/lib/dpkg/status
0.7.47.2ubuntu4 0
500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1434121/+subscriptions
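The workaround described in the report (a private temporary directory on a tmpfs, set up before any here-document is used), as an added example that is not part of the original message or of ifupdown. It uses the standard TMPDIR variable, which bash consults for here-document temp files; apply_rules, the sample rules and the cat consumer are hypothetical placeholders.

```shell
#!/bin/bash
# Added example, not from the bug report: an if-up.d hook that secures a
# writable temp directory before using here-documents, and fails closed.

# Print a fresh private directory under the first candidate where creation
# really succeeds (a read-only /tmp fails here); return 1 if none works.
pick_tmpdir() {
    local base dir
    for base in "$@"; do
        [ -d "$base" ] || continue
        dir=$(mktemp -d "$base/ifup-hook.XXXXXX" 2>/dev/null) || continue
        printf '%s\n' "$dir"
        return 0
    done
    return 1
}

# Hypothetical stand-in for the real security settings: pipes constructed
# sample rules into the given command through a here-document.
apply_rules() {
    "$@" <<EOF
# constructed sample rules for ${IFACE:-eth0}
deny-all-inbound
EOF
}

# secure_interface CONSUMER CANDIDATE_DIR...
# Returns non-zero when the rules could not be applied, so the failure is
# visible instead of leaving the interface silently unprotected.
secure_interface() {
    local consumer="$1" status TMPDIR
    shift
    TMPDIR=$(pick_tmpdir "$@") || {
        echo "if-up hook: no writable temp directory, rules NOT applied" >&2
        return 1
    }
    export TMPDIR          # bash creates here-document temp files in TMPDIR
    apply_rules "$consumer"
    status=$?
    rm -rf -- "$TMPDIR"
    return "$status"
}

# ifupdown exports IFACE to hook scripts; only act in that context.
# "cat" is a placeholder consumer that just prints the rules.
if [ -n "${IFACE:-}" ]; then
    secure_interface cat "${TMPDIR:-/tmp}" /run /var/run || exit 1
fi
```

The candidate order tries the normal temporary directory first and falls back to the tmpfs mounts, so the hook behaves the same once the root filesystem is remounted read-write.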