SO is full of these...
---------- CRYPTOANALYZER ---------- Sent from ProtonMail, encrypted email based in Switzerland. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, 6 July 2020 г., 13:51, Zenaan Harkness <z...@freedbms.net> wrote: > In case this is of interest. > > ----- Forwarded message from Zenaan Harkness zen...@freedbms.net ----- > > From: Zenaan harknesszen...@freedbms.net > To: debian-u...@lists.debian.org > Date: Mon, 6 Jul 2020 20:49:52 +1000 > Subject: debmirror: apt update performed "unsandboxed"? ~=> file path not > readable > > This was a question, but after some digging, answered itself (see near > bottom), via a short recursive path analysis script showing that one path > component of the path hierarchy failed to have world-readable perms (a dir in > the middle), so in case it's useful for some: > > Local debmirror mirror, InRelease is out of date so setting > Acquire::Check-Valid-Until=false but getting "unsandboxed" notice/warning: > > apt update -o Acquire::Check-Valid-Until=false > > =============================================== > > ------->> 20200706@20:16:10 <<------- > Get:1 file:/public/debian/sid sid InRelease [146 kB] > ... > Ign:2 file:/public/debian/sid sid/main amd64 Packages > Err:3 file:/public/debian/sid sid/main Translation-en > File not found - /public/debian/sid/dists/sid/main/i18n/Translation-en (2: No > such file or directory) > Get:4 file:/public/debian/sid sid/contrib amd64 Packages [70.1 kB] > Reading package lists... Done > N: Download is performed unsandboxed as root as file > '/public/debian/sid/dists/sid/InRelease' couldn't be accessed by user '_apt'. > - pkgAcquire::Run (13: Permission denied) > E: Failed to fetch file:/public/debian/sid/dists/sid/main/i18n/Translation-en > File not found - /public/debian/sid/dists/sid/main/i18n/Translation-en (2: No > such file or directory) > E: Some index files failed to download. They have been ignored, or old ones > used instead. > > Now when checking that file which is purpotedly causing the "unsandboxed" > 'download', we get this: > > ll /public/debian/sid/dists/sid/InRelease > > ========================================== > > ------->> 20200706@20:19:22 <<------- > 93K -rw-r--r-- 1 zenan zenan 143K 20200627 16:32.03 > /public/debian/sid/dists/sid/InRelease > > Clearly that file is readable by all users.. hmm. > > So let's analyze the full path: > > $ zfile /public/debian/sid/dists/sid/InRelease > ------->> 20200706@20:25:42 <<------- > ---- Analyzing "/public/debian/sid/dists/sid/InRelease" > type: /home/zenan/bin/zfile: line 9: type: > /public/debian/sid/dists/sid/InRelease: not found > f: /public/debian/sid/dists/sid/InRelease > Drwxr-xr-x root root / > drwxr-xr-x root root public > lrwxrwxrwx root root debian -> /Library/Lpools/zen/p1-setups_misc/repos/debian > Drwxr-xr-x root root / > drwxr-xr-x root zenan Library > drwxr-xr-x root root Lpools > drwxr-x--- zenan zenan zen > Drwxr-xr-x zenan zenan p1-setups_misc > Drwxr-xr-x zenan zenan repos > drwxrwxr-x zenan zenan debian > lrwxrwxrwx root root sid -> d00 > lrwxrwxrwx zenan zenan d00 -> d00-sid+tst+src-64 > drwxr-xr-x zenan zenan d00-sid+tst+src-64 > drwxrwxr-x zenan zenan dists > drwxrwxr-x zenan zenan sid > -rw-r--r-- zenan zenan InRelease > -rw-r--r-- 1 zenan zenan 146310 Jun 27 16:32 > /Library/Lpools/zen/p1-setups_misc/repos/debian/d00-sid+tst+src-64/dists/sid/InRelease > /Library/Lpools/zen/p1-setups_misc/repos/debian/d00-sid+tst+src-64/dists/sid/InRelease: > ASCII text > text/plain; charset=us-ascii > {namei|readlink|/usr/bin/file} -f {file}... > > And we notice that /public/debian is a symlink and further down, this > suspicious dir: > > drwxr-x--- zenan zenan zen > > Culprit identified! A quick chmod a+rx /Library/Lpools/zen and the show is > back on the road. > > And the swanky recursive path analyzer (bash script): > https://github.com/zenaan/quick-fixes-ftfw/blob/master/bin/zfile > > ----- End forwarded message -----