Bug#942114: cache fails to store capabilities correctly

2019-10-22 Thread Antoine Beaupré
On 2019-10-10 11:17:24, Antoine Beaupré wrote:
> Control: tags -1 +patch
>
> Here's a patch to fix this, also available in:
>
> https://salsa.debian.org/ganeti-team/ganeti-instance-debootstrap/merge_requests/1

I'm thinking of doing an NMU of this patch to unstable within the next
month if no one else comments here.

From there, if/when the package trickles down to testing, I'll ask the
release team to get the update down into stable as well.

A.

-- 
Nature has created neither masters nor slaves
I want neither to give nor to receive laws.
- Denis Diderot




Bug#942114: cache fails to store capabilities correctly

2019-10-10 Thread Antoine Beaupré
Control: tags -1 +patch

Here's a patch to fix this, also available in:

https://salsa.debian.org/ganeti-team/ganeti-instance-debootstrap/merge_requests/1

-- 
You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.
- Theo de Raadt
From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
From: Antoine Beaupré
Date: Thu, 10 Oct 2019 11:07:51 -0400
Subject: [PATCH] respect Linux capabilities(7) in cache

The default GNU tar configuration does not carry fancy extended
attributes and that is where, among other things, stuff like Linux
capabilities(7) are stored. This is kind of important because that's
how ping(8) works for regular users.

We shove --selinux and --acls in there while we're at it, because why
not. We never know what the future might bring, and it seems
silly *not* to create a complete archive.

Note that --xattrs-include='*' is important because, by default, GNU
tar will not include capabilities /even/ if --xattrs is specified on
the commandline, see this bug report for details:

https://bugzilla.redhat.com/show_bug.cgi?id=771927
---
 create | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/create b/create
index 607bab2..7526e71 100755
--- a/create
+++ b/create
@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then
 fi
 
 if [ -f "$CACHE_FILE" ]; then
-  tar xf "$CACHE_FILE" -C $TMPDIR
+  tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C $TMPDIR
 else
   if [ "$PROXY" ]; then
 export http_proxy="$PROXY"
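
Review bot: the extract line in this hunk still unpacks whatever `$CACHE_FILE` already exists, and an archive written by the old `tar cf` has no xattrs in it, so instances built from a pre-existing cache will keep coming up without capabilities on ping after this change. Consider documenting that old caches must be regenerated (the script already has a `CLEAN_CACHE` path), or invalidating them on upgrade. Since the line is being touched anyway, `-C $TMPDIR` could also be quoted as `-C "$TMPDIR"`.
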
@@ -109,7 +109,7 @@ else
 
   if [ "$GENERATE_CACHE" = "yes" ]; then
 TMP_CACHE=`mktemp "${CACHE_FILE}.XX"`
-tar cf "$TMP_CACHE" -C $TMPDIR .
+tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C $TMPDIR .
 mv -f "$TMP_CACHE" "$CACHE_FILE"
   fi
 fi
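
Review bot: the new `tar ... -c -f "$TMP_CACHE"` line is followed directly by `mv -f "$TMP_CACHE" "$CACHE_FILE"` with no visible check of tar's exit status, so if tar exits non-zero (for instance because it does not accept one of the added options) a failed or partial archive could be moved into place as the cache. Unless the script runs under `set -e` outside the lines shown, chain the two with `&&` so the rename only happens on success. A one-line comment above the tar call pointing at the Red Hat bug cited in the commit message would also explain why `--xattrs-include='*'` is there.
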
-- 
2.20.1



Bug#942114: cache fails to store capabilities correctly

2019-10-10 Thread Antoine Beaupre
Package: ganeti-instance-debootstrap
Version: 0.16-6
Severity: grave

It seems that ganeti-instance-debootstrap fails to properly cache the
filesystem after the first creation. This leads to stuff like
`/usr/bin/ping` having the wrong permissions. On a healthy system,
installed without caching, it looks like this:

root@test01:~# getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep
root@test01:~#

But if that instance is removed and recreated, it then looks like this:

root@test01:~# getcap /usr/bin/ping
root@test01:~#

This is "grave" because capabilities are a serious issue. There could
be suid files that are restricted by capabilities (or the
opposite). We just don't quite know and this looks really wrong. At
best it makes ping unusable by regular users, and that's still a
serious issue.

Inspection of the cache file confirms the capabilities are not stored
correctly:

root@fsn-node-02:~# tar fx /var/cache/ganeti-instance-debootstrap/cache-buster-amd64.tar ./usr/bin/ping
root@fsn-node-02:~# getcap ./usr/bin/ping
root@fsn-node-02:~# 

A.

-- System Information:
Debian Release: 10.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ganeti-instance-debootstrap depends on:
ii  debootstrap  1.0.114
ii  dump         0.4b46-5
ii  e2fsprogs    1.44.5-1+deb10u2
ii  fdisk        2.33.1-0.1
ii  kpartx       0.7.9-3
ii  util-linux   2.33.1-0.1

ganeti-instance-debootstrap recommends no packages.

ganeti-instance-debootstrap suggests no packages.

-- debconf-show failed
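
The cache inspection described in the report can also be done without extracting anything as root: GNU tar records xattrs as pax `SCHILY.xattr.*` records, so the archive itself shows whether `security.capability` was stored. This Python check is an added example, not part of the thread or of ganeti-instance-debootstrap; `audit_cache`, `permitted_caps`, `build_sample` and the in-memory sample archives are constructed for illustration.

```python
import io
import struct
import tarfile

# GNU tar writes each xattr as a pax record named SCHILY.xattr.<attribute>.
CAP_KEY = "SCHILY.xattr.security.capability"
CAP_NET_RAW = 13  # bit number from linux/capability.h
EXPECTED = {"./usr/bin/ping": CAP_NET_RAW}  # path -> capability that must be permitted

def permitted_caps(raw):
    """Return the permitted bitmask of a v2/v3 vfs_cap_data blob."""
    if len(raw) < 20 or raw[3] not in (2, 3):  # raw[3] is the revision byte
        raise ValueError("short or unsupported capability blob")
    _magic, perm_lo, _inh_lo, perm_hi, _inh_hi = struct.unpack_from("<5I", raw)
    return perm_lo | (perm_hi << 32)

def audit_cache(fileobj, expected):
    """Map each expected path to ok / wrong-capability / no-capability / missing."""
    result = {name: "missing" for name in expected}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.name not in expected:
                continue
            value = member.pax_headers.get(CAP_KEY)
            if value is None:
                result[member.name] = "no-capability"
                continue
            raw = value.encode("utf-8", "surrogateescape")  # undo tarfile's decoding
            wanted = 1 << expected[member.name]
            result[member.name] = "ok" if permitted_caps(raw) & wanted else "wrong-capability"
    return result

def build_sample(with_caps):
    """Constructed one-file archive standing in for the cache tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        info = tarfile.TarInfo("./usr/bin/ping")
        data = b"constructed placeholder, not a real binary"
        info.size = len(data)
        if with_caps:  # cap_net_raw+ep as a version-2 vfs_cap_data structure
            blob = struct.pack("<5I", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)
            info.pax_headers = {CAP_KEY: blob.decode("ascii")}
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(audit_cache(build_sample(False), EXPECTED))  # archive made like the old `tar cf`
    print(audit_cache(build_sample(True), EXPECTED))   # archive carrying the xattr record
```

To check a real cache, pass `open(path, "rb")` for the tarball instead of the constructed sample and extend `EXPECTED` with the other files that should carry capabilities.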