Package: adb
Version: 1:29.0.6-28
This is a follow-up to
- #688280 android-tools: CVE-2012-5564: android-tools-adb creates a file
with a static file name in /tmp
- #823792 adb creates its log file in /tmp
adb still creates log files in /tmp and
move-log-file-to-proper-dir.patch aimed to use /run/user
for log files does not work as expected.
The upstream bug
https://issuetracker.google.com/issues/37008476
"The adb server has a hardcoded write to /tmp/adb.log."
was marked as "Won't fix".
It seems, stat is incorrectly called for the expected file name, so the
test fails after reboot. The directory name should be used instead.
I expect something like
+ const char *xdg_dir = getenv("XDG_RUNTIME_DIR");
+ std::string log_dir = xdg_dir ? xdg_dir
+ : android::base::StringPrintf("/run/user/%u", getuid());
+ struct stat st = {0};
+ if (stat(log_dir.c_str(), &st) == 0) {
+ return log_dir + "/adb.log";
+ }
I do not consider it as a serious security issue since
"sysctl fs.protected_symlinks" is set by default nowadays.
https://docs.kernel.org/admin-guide/sysctl/fs.html#protected-symlinks
Perhaps there are cases (a lab for students) when somebody may create a
file with a UID of another user (e.g. /tmp/adb.1001.log) causing some
annoyance. As a workaround the following snippet may be sourced when
user environment is initialized:
if [ -z "$ANDROID_ADB_LOG_PATH" ]; then
android_adb_log_dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
if [ -d "$android_adb_log_dir" ]; then
export ANDROID_ADB_LOG_PATH="$android_adb_log_dir/adb.log"
else
printf "%s: does not exist, adb log would be created in %s\n" \
"$android_adb_log_dir" "${TMPDIR:-/tmp}" 1>&2
fi
fi
I believe, the patch should be either dropped or fixed. In the latter
case log file location should be documented in
/usr/share/doc/adb/README.Debian
