cnf-update-db creates unreadable database if wrong umask
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| command-not-found (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Bionic | Fix Released | Medium | Heitor Alves de Siqueira | |
| Focal | Fix Released | Medium | Heitor Alves de Siqueira | |
| Impish | Fix Released | Medium | Heitor Alves de Siqueira | |
| Jammy | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users. This causes exceptions when cnf is invoked.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test Plan]
To reproduce the issue, use the annotated steps below. Confirmed working as a reproducer for Bionic, Focal and Impish. Bionic appears to use a -data package instead of building the db on "apt update"; however, adding a non-default repo with CNF metadata will also reproduce the issue. Bionic was tested by adding focal-updates to the APT configuration.
Notes:
1) The "ubuntu" user below is unprivileged, the result of the "adduser ubuntu" command being run and accepting defaults.
2) The "lck" and "ack" commands were randomly selected as commands that were unavailable on the default Ubuntu images used by LXD.
3) Bionic requires the addition of a non-default repo with CNF metadata. The focal-updates repo was used in my testing; any repo meeting the conditions should do.
### Reproduction
# Add repo with CNF metadata if testing Bionic
# Confirm UMASK
grep "^UMASK" /etc/login.defs
# Set /etc/login.defs to umask 027
sed -i -e 's/^UMASK\
# Confirm
grep "^UMASK" /etc/login.defs
# Log out and back in
exit
# Log back in
# Force rebuild of DB
rm -rf /var/lib/
apt update
ls -lah /var/lib/
# Verify failure
su - ubuntu
lck
ack
exit
## END Reproduction
### Verification
# Install updated command-not-found from -proposed
# https:/
# Update command-not-found.
apt upgrade command-not-found
# Verify version
dpkg -l | grep command-not-found
# Force rebuild of DB
rm -rf /var/lib/
apt update
ls -lah /var/lib/
# Verify success
su - ubuntu
lck
ack
exit
## END Verification
The failures expected to be seen when running the "lck" and "ack" commands are similar to:
ubuntu@
Sorry, command-not-found has crashed! Please file a bug report at:
https:/
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.8.10 final 0
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Exception information:
unable to open database file
Traceback (most recent call last):
File "/usr/lib/
callback()
File "/usr/lib/
cnf = CommandNotFound
File "/usr/lib/
self.db = SqliteDatabase(
File "/usr/lib/
self.con = sqlite3.
sqlite3.
A successful run should look like:
ubuntu@
Command 'lck' not found, did you mean:
command 'ack' from deb ack (3.3.1-1)
command 'ick' from deb intercal (30:0.30-3)
command 'lcp' from deb lsh-client (2.1-12build3)
command 'lc' from deb mono-devel (6.8.0.105+dfsg-2)
command 'lcf' from deb ucf (3.0038+nmu1)
command 'ck' from deb python3-ck (1.9.4-1.1)
Try: apt install <deb name>
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which, again, it really shouldn't).
[Where problems could occur]
In general, regressions due to this bug would continue showing up as file access errors, either in automated tooling that currently works around the faulty database permissions, or in other packages relying on CNF.
Admins could be relying on the incorrect behavior for some reason (e.g. security), and some users could have existing automation in place to correct the issue manually. We'd expect the fix to have little impact on such scenarios, and the patches have been tested for these cases.
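The failure mode from [Impact], as an added example that is not part of the bug report or the command-not-found source: a SQLite file created under umask 027 comes out as 0640, pinning the umask during creation gives 0644, and an existing file needs an explicit chmod because the fix does not reset permissions on broken databases. The pinned value 022, the function names, the schema and the temporary paths are assumptions made for illustration; the report does not show the patch itself.

```python
import os
import sqlite3
import stat
import tempfile


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def create_db(path, pin_umask=None):
    """Create a small SQLite DB; pin_umask=None inherits the caller's umask."""
    previous = os.umask(pin_umask) if pin_umask is not None else None
    try:
        con = sqlite3.connect(path)
        # Constructed schema; the first write is what creates the file on disk.
        con.execute("CREATE TABLE commands (name TEXT, package TEXT)")
        con.commit()
        con.close()
    finally:
        if previous is not None:
            os.umask(previous)  # never leak the pinned umask to the caller
    return mode_of(path)


def repair_if_unreadable(path):
    """Add group/other read bits to an existing database; True if changed."""
    mode = mode_of(path)
    wanted = mode | stat.S_IRGRP | stat.S_IROTH
    if wanted != mode:
        os.chmod(path, wanted)
    return wanted != mode


def demo():
    """Return (mode with inherited umask, mode with pinned umask, mode after repair)."""
    caller_umask = os.umask(0o027)  # constructed: the non-default root umask
    try:
        with tempfile.TemporaryDirectory() as d:
            broken = os.path.join(d, "inherited.db")
            inherited = create_db(broken)
            pinned = create_db(os.path.join(d, "pinned.db"), pin_umask=0o022)
            repair_if_unreadable(broken)
            return inherited, pinned, mode_of(broken)
    finally:
        os.umask(caller_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```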
Related branches
- Julian Andres Klode (community): Approve
- git-ubuntu import: Pending requested
- Diff: 59 lines (+20/-1), 4 files modified:
  CommandNotFound/CommandNotFound.py (+1/-1)
  cnf-update-db (+2/-0)
  debian/changelog (+12/-0)
  debian/tests/smoke (+5/-0)
Changed in command-not-found (Ubuntu):
status: New → Fix Committed
no longer affects: command-not-found (Ubuntu Xenial)
description: updated
Changed in command-not-found (Ubuntu Jammy):
status: Fix Committed → Fix Released
tags: added: fr-1949
tags: added: sts-sponsor
tags: added: sts-sponsor-halves; removed: sts-sponsor
description: updated
tags: added: sts
Changed in command-not-found (Ubuntu Bionic):
importance: Undecided → Medium
Changed in command-not-found (Ubuntu Impish):
importance: Undecided → Medium
Changed in command-not-found (Ubuntu Focal):
importance: Undecided → Medium
description: updated
Changed in command-not-found (Ubuntu Bionic):
status: Confirmed → In Progress
Changed in command-not-found (Ubuntu Impish):
status: Confirmed → In Progress
Changed in command-not-found (Ubuntu Bionic):
assignee: nobody → Heitor Alves de Siqueira (halves)
Changed in command-not-found (Ubuntu Focal):
status: Confirmed → In Progress
assignee: nobody → Heitor Alves de Siqueira (halves)
Changed in command-not-found (Ubuntu Impish):
assignee: nobody → Heitor Alves de Siqueira (halves)
Status changed to 'Confirmed' because the bug affects multiple users.