** Changed in: glib2.0 (Ubuntu Jammy)
Status: Triaged => In Progress
** Changed in: glib2.0 (Ubuntu Noble)
Status: Triaged => In Progress
** Changed in: glib2.0 (Ubuntu Oracular)
Status: Triaged => In Progress
** Changed in: glib2.0 (Ubuntu Plucky)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2072586
Title:
Running "dconf update" with different umask affects the permissions of
dconf databases in /etc/dconf/db/
Status in glib2.0 package in Ubuntu:
Fix Committed
Status in glib2.0 source package in Jammy:
In Progress
Status in glib2.0 source package in Noble:
In Progress
Status in glib2.0 source package in Oracular:
In Progress
Status in glib2.0 source package in Plucky:
In Progress
Bug description:
[ Impact ]
This was originally reported by a user applying the DISA-STIG on Ubuntu
desktop [1], which requires a global umask of 077. The global dconf databases
in /etc/dconf/db are intended to be read by many users (mode 644).
dconf uses g_file_set_contents from GLib to guarantee consistent writes
[2][3].
The function creates a tempfile to rename over the original but does not
guarantee that the permissions of the tempfile to be the same as the original
[4].
With umask 077, this causes a dconf database write to change the permissions
of
the db file from 644 to 600.
This behavior was changed upstream in 45a36e52 to guarantee that the mode of
the
original file is preserved [5].
The SRU of upstream 45a36e52 to Jammy+ will enable users to modify global
GNOME
configuration without losing read access to the changed dconf databases.
[1] https://ubuntu.com/security/certifications/docs/disa-stig
[2]
https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518
[3] https://docs.gtk.org/glib/func.file_set_contents.html
[4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description
[5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607
[ Test Plan ]
Ensure that the patch resolves the original bug:
```
sudo apt-get install dconf-cli
mkdir -p /etc/dconf/db/database.d
cat >/etc/dconf/db/database.d/test <<EOF
[test]
hello='world'
EOF
dconf update
ls -la /etc/dconf/db/database
umask 0077
dconf update
ls -la /etc/dconf/db/database
```
Expected result:
-rw-r--r-- 1 root root 152 Apr 24 14:16 /etc/dconf/db/database
Observed result:
-rw------- 1 root root 152 Apr 24 14:16 /etc/dconf/db/database
[ Where problems could occur ]
GLib is depended upon by thousands of packages in Ubuntu (rdepends counts 3557
in Jammy). It's unknown how many of these packages call
g_file_set_contents{,_full}.
* If
* a file was originally created with a more restrictive mode than the
umask
* g_file_set_contents{,_full} is used to re-write the file
* a user with less permissions than needed to r/w/x the file expects to be
able to do so
Access will be denied with this patch. This only applies if the file is
re-created.
In-place configuration files are unlikely to be affected.
* If
* a file was originally created with a less restrictive mode than the
umask
* g_file_set_contents{,_full} is used to re-write the file
* A user with less permissions than needed to r/w/x the file attempts to
do so
Access will be granted with this patch. This may present a security
concern.
This is most likely to be relevant in hardened environments as umask 077 is
more common there.
It may be reasonable to assume that security-critical use cases would not
rely
on g_file_set_contents for strict access controls as the documentation is
vauge: "[permissions] may be changed to mode depending on flags, or they
may
remain unchanged".
[ Original Description ]
Is it possible to include this [1] upstream fix in Jammy and Noble?
Steps to reproduce:
```
root@test-jammy-01:/etc/dconf/db# dconf update
root@test-jammy-01:/etc/dconf/db# ls -l local
-rw-r--r-- 1 root root 61 Jul 9 12:27 local
root@test-jammy-01:/etc/dconf/db# umask
0022
root@test-jammy-01:/etc/dconf/db# umask 0077
root@test-jammy-01:/etc/dconf/db# umask
0077
root@test-jammy-01:/etc/dconf/db# dconf update
root@test-jammy-01:/etc/dconf/db# ls -l local
-rw------- 1 root root 61 Jul 9 12:28 local
root@test-jammy-01:/etc/dconf/db# apt-cache policy dconf-cli
dconf-cli:
Installed: 0.40.0-3
Candidate: 0.40.0-3
Version table:
*** 0.40.0-3 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
```
Danger of unexpected misconfiguration is great: others require read
access to dconf-databases or their dconf-settings will not update as
expected.
[1] - https://gitlab.gnome.org/GNOME/dconf/-/issues/25
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/2072586/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
