Public bug reported:

It seems that if-up.d is activated before any temporary directory is
available. On the affected setup, that caused a bash here-tag to fail;
thus security settings were not applied to the interface, leaving it
open to attacks.

The documentation seems to be unclear on whether a script should expect
that the temporary directory would work.  At least here, it was quite
unexpected that data processing in scripts, without any explicit request
for disk operations, failed due to that.

In my opinion, a CAVEAT in the interfaces(5) documentation might be
sufficient in most cases.

A workaround for the affected setup was to create a separate temporary
directory on /var/run (which is a tmpfs instance) and export it using
TEMPDIR.


To reproduce:

cat <<OUTEREOF > /etc/network/if-up.d/aaa-early
#!/bin/bash

echo "mounts"
cat /proc/mounts
echo "touch"
touch /tmp/xxx
cat <<EOF
Here document test
EOF
echo "mounts again"
cat /proc/mounts
OUTEREOF
chmod 0755 /etc/network/if-up.d/aaa-early


touch /forcefsck
reboot

# cat /var/log/upstart/network-interface-eth0.log

mounts
...
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=24784k,mode=755 0 0
/dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0
...
touch
touch: cannot touch '/tmp/xxx': Read-only file system
/etc/network/if-up.d/aaa-early: line 7: cannot create temp file for here-document: Read-only file system
mounts again
...
/dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0
...


# lsb_release -rd
Description:    Ubuntu 14.04.2 LTS
Release:        14.04

# apt-cache policy ifupdown
ifupdown:
  Installed: 0.7.47.2ubuntu4.1
  Candidate: 0.7.47.2ubuntu4.1
  Version table:
 *** 0.7.47.2ubuntu4.1 0
        500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty-updates/main i386 Packages
        100 /var/lib/dpkg/status
     0.7.47.2ubuntu4 0
        500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages

** Affects: ifupdown (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1434121

Title:
  if-up might fail when triggered before temporary directory available
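
A defensive version of the workaround described in the report, as an added example that is not part of the original bug report or of ifupdown: the hook picks a base directory where a temp directory can actually be created, exports it as TMPDIR (the variable bash and mktemp consult), and returns non-zero instead of silently skipping the settings. The function names, the /run-then-/tmp candidate order and the apply_settings stand-in are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. pick_tmpdir, run_hook,
# apply_settings and the candidate order are assumptions for illustration.

# Create a private directory under the first candidate base that is really
# writable and print its path; return 1 if none is (e.g. / still mounted ro).
pick_tmpdir() {
    for base in "$@"; do
        dir=$(mktemp -d "$base/ifup.XXXXXX" 2>/dev/null) || continue
        printf '%s\n' "$dir"
        return 0
    done
    return 1
}

# run_hook COMMAND BASE...: run COMMAND with TMPDIR set to a writable
# directory. Any failure is reported on stderr and returned to the caller
# instead of being skipped over silently.
run_hook() {
    apply_cmd=$1
    shift
    d=$(pick_tmpdir "$@") || {
        echo "if-up hook: no writable temp directory, settings NOT applied" >&2
        return 1
    }
    rc=0
    ( TMPDIR=$d; export TMPDIR; "$apply_cmd" ) || rc=$?
    rm -rf -- "$d"
    [ "$rc" -eq 0 ] || echo "if-up hook: $apply_cmd failed (status $rc)" >&2
    return "$rc"
}

# Stand-in for the real security settings. It uses a here-document, the
# construct that failed in the report, and returns cat's exit status.
apply_settings() {
    cat <<EOF >/dev/null
Here document test
EOF
}

# A real hook would end with:  run_hook apply_settings /run /tmp || exit 1
```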
