[Touch-packages] [Bug 1500541] Re: apport-retrace crashed with IOError in main: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'

Brian Murray Mon, 28 Sep 2015 14:16:26 -0700

This is also fall out of the following change:

    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i. e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same same. Thanks to halfdog for discovering
      this! (CVE-2015-1338, LP: #1492570)


** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1338

** Changed in: apport (Ubuntu)
       Status: New => Triaged

** Information type changed from Private to Public

** Tags added: rls-w-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1500541

Title:
  apport-retrace crashed with IOError in __main__: [Errno 13] Permission
  denied: '_usr_bin_Xorg.0.crash'

Status in apport package in Ubuntu:
  Triaged

Bug description:
  apport did not have the permissions to read the crash report in
  /var/crash, since I ran it as unpriviledged user.

  I think apport   could handle this more gracefully :)

  ProblemType: Crash
  DistroRelease: Ubuntu 15.10
  Package: apport-retrace 2.19-0ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-11.13-generic 4.2.1
  Uname: Linux 4.2.0-11-generic x86_64
  ApportLog: Error: [Errno 13] Keine Berechtigung: '/var/log/apport.log'
  ApportVersion: 2.19-0ubuntu1
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Mon Sep 28 19:22:10 2015
  ExecutablePath: /usr/bin/apport-retrace
  InstallationDate: Installed on 2013-01-08 (993 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  InterpreterPath: /usr/bin/python2.7
  JournalErrors:
   No journal files were found.
   -- No entries --
  PackageArchitecture: all
  ProcCmdline: /usr/bin/python /usr/bin/apport-retrace _usr_bin_Xorg.0.crash
  PythonArgs: ['/usr/bin/apport-retrace', '_usr_bin_Xorg.0.crash']
  SourcePackage: apport
  Title: apport-retrace crashed with IOError in __main__: [Errno 13] Permission 
denied: '_usr_bin_Xorg.0.crash'
  Traceback:
   Traceback (most recent call last):
     File "/usr/bin/apport-retrace", line 405, in <module>
       out = open(options.report, 'wb')
   IOError: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: audio bluetooth colord disk fuse games libvirtd operator pulse 
sudo syslog users vboxusers video whoopsie wireshark

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1500541/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1500541] Re: apport-retrace crashed with IOError in __main__: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'

Reply via email to

[Touch-packages] [Bug 1500541] Re: apport-retrace crashed with IOError in main: [Errno 13] Permission denied: '_usr_bin_Xorg.0.crash'