Comment 22 for bug 1804603

fusillator (fusillo) wrote :

Hi again, not sure if it's the most sensible approach.
Anyway, in bionic I tried to revert the last two patches from the source of systemd_237-3ubuntu10.9.debian with the following commands:

export QUILT_PATCHES=debian/patches
export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
# unapply the last two patches in the series (CVE-2018-6954_2, then CVE-2018-6954)
quilt pop
quilt pop
# comment them out in the series file so the build does not re-apply them (-i edits in place)
sed -i 's/^CVE-2018-6954.*/#&/' debian/patches/series

Then I recompiled and installed the new package and the error disappeared.
Anyway, the involved patches were there to fix some issues:

$ quilt header patches/CVE-2018-6954
Description: tmpfiles: don't resolve pathnames when traversing recursively
 through directory trees

 Otherwise we can be fooled if one path component is replaced underneath us.

 The patch achieves that by always operating at file descriptor level (by using
 *at() helpers) and by making sure we do not do any path resolution when traversing
 directory trees.

 However this is not always possible, for instance when listing the content of a
 directory or some operations don't provide the *at() helpers or others (such as
 fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
 /proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
 objects and requires no checking of type beforehand.

 Also O_PATH flag is used when opening file objects in order to prevent
 undesired behaviors: device nodes from reacting, automounts from
 triggering, etc...

 Fixes: CVE-2018-6954

Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0
Bug: https://github.com/systemd/systemd/issues/7986

$ quilt header patches/CVE-2018-6954_2
Description: Make tmpfiles safe

 In addition to backporting the changesets in #8822, this also backports
 e04fc13 (test: add tests for systemd-tmpfiles), as well as empty_to_root()
 from v239.

Origin: upstream, https://github.com/systemd/systemd/pull/8822/commits
Bug: https://github.com/systemd/systemd/issues/7986

So I'm not sure if it's a secure/stable workaround.
Maybe it would be better mixing up the releases, installing the patched package from cosmic-proposed... I will test on another snapshot to see what happens.
Just a curiosity: is bionic still supported?
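The fd-level traversal that the CVE-2018-6954 patch header above describes (openat() with O_PATH|O_NOFOLLOW per path component, chmod through the /proc/self/fd/%i pseudo-symlink because fchmodat() has no AT_EMPTY_PATH), written out as an added example; this is not code from this bug thread or from systemd, the function names and the temp-dir self-check are my own construction, and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Open one name below dirfd: O_NOFOLLOW so a symlink swapped in underneath us is
 * never resolved, O_PATH so device nodes and automounts are not triggered. */
static int open_component(int dirfd, const char *name) {
    struct stat st = {0};
    int fd = openat(dirfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && !S_ISLNK(st.st_mode)) return fd;
    int saved = S_ISLNK(st.st_mode) ? ELOOP : errno; /* a symlink appeared: refuse it */
    close(fd); errno = saved; return -1;
}

/* chmod relpath below dirfd one component at a time; returns 0, or -1 with errno set. */
int chmod_no_resolve(int dirfd, const char *relpath, mode_t mode) {
    char buf[4096], p[64], *save, *comp;
    if (snprintf(buf, sizeof buf, "%s", relpath) >= (int)sizeof buf) { errno = ENAMETOOLONG; return -1; }
    int cur = dup(dirfd), next, r;
    if (cur < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
        next = open_component(cur, comp);
        close(cur);                       /* closing a valid fd leaves errno alone */
        if ((cur = next) < 0) return -1;
    }
    /* fchmodat() has no AT_EMPTY_PATH, so act on the /proc/self/fd/%i pseudo-symlink. */
    snprintf(p, sizeof p, "/proc/self/fd/%i", cur);
    r = chmod(p, mode);
    close(cur);
    return r;
}

/* Constructed self-check in a temp dir: 1 if a file gets mode 0600 and a symlink is refused with ELOOP. */
int demo_in_tmpdir(void) {
    char tmpl[] = "/tmp/tmpfiles-demo-XXXXXX"; struct stat st;
    if (!mkdtemp(tmpl)) return 0;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    mkdirat(dirfd, "sub", 0755); symlinkat("file", dirfd, "sub/lnk");
    close(openat(dirfd, "sub/file", O_CREAT | O_WRONLY, 0644));
    int ok = chmod_no_resolve(dirfd, "sub/file", 0600) == 0
          && fstatat(dirfd, "sub/file", &st, 0) == 0 && (st.st_mode & 07777) == 0600
          && chmod_no_resolve(dirfd, "sub/lnk", 0600) == -1 && errno == ELOOP;
    close(dirfd);
    return ok;
}
```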