** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/2039217

Title:
  python apt Cache(memonly=True) does not behave as if memonly.

Status in python-apt package in Ubuntu:
  New

Bug description:
  When I use the python constructor for apt.Cache with a
  rootdir=/mnt/host (which is mounted read-only) and memonly=True, it
  isn't behaving as if it's memonly. It's trying to create directories
  on the mounted system.

  Here's my stack: (note, python click module takes up a bit of the top
  of the stack)

  ```
  Collecting apt-based metrics...
  Traceback (most recent call last):
    File "./restart_check.py", line 165, in <module>
      _main()
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1157, in __call__
      return self.main(*args, **kwargs)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1078, in main
      rv = self.invoke(ctx)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1434, in invoke
      return ctx.invoke(self.callback, **ctx.params)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 783, in invoke
      return __callback(*args, **kwargs)
    File "./restart_check.py", line 139, in _main
      cache = apt.cache.Cache(rootdir=root_dir, memonly=True)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 161, in __init__
      self._check_and_create_required_dirs(rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 201, in _check_and_create_required_dirs
      os.makedirs(rootdir + d)
      os.makedirs(rootdir + d)
    File "/usr/lib/python3.8/os.py", line 213, in makedirs
      makedirs(head, exist_ok=exist_ok)
    File "/usr/lib/python3.8/os.py", line 213, in makedirs
      makedirs(head, exist_ok=exist_ok)
    File "/usr/lib/python3.8/os.py", line 223, in makedirs
      mkdir(name, mode)
  OSError: [Errno 30] Read-only file system: '/mnt/host/var'
  ```

  Why are those create-dir calls not protected from the memonly flag?
  Are they truly needed to be able to set up the cache?

  Ya know what, this could be a security vulnerability, making writes to
  a system that was supposed to be treated as read-only, particularly
  for those that mounted to a disk in a non-read-only way. memonly is
  not as advertised.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2039217/+subscriptions
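
A read-only pre-flight for the situation in the report, added here as an example (it is not python-apt code and not from the reporter): it lists the directories a `makedirs` loop like the one in the traceback would create under a root, without writing anything. The directory list and all function names are assumptions; compare the list with your installed `apt/cache.py`.

```python
import os
import tempfile

# Assumption: directories the cache constructor ensures exist under rootdir.
# The page shows only the os.makedirs(rootdir + d) call, not this list.
ASSUMED_REQUIRED_DIRS = (
    "/var/lib/dpkg",
    "/etc/apt",
    "/var/cache/apt/archives/partial",
    "/var/lib/apt/lists/partial",
)


def paths_makedirs_would_create(rootdir, required=ASSUMED_REQUIRED_DIRS):
    """Return every directory a makedirs loop would create, parents first."""
    root = os.path.abspath(rootdir)
    would_create = []
    for d in required:
        current = root
        for part in d.strip("/").split("/"):
            current = os.path.join(current, part)
            if not os.path.isdir(current) and current not in would_create:
                would_create.append(current)
    return would_create


def is_readonly_mount(path):
    """True if the filesystem holding path is mounted read-only (POSIX)."""
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)


def preflight(rootdir, required=ASSUMED_REQUIRED_DIRS):
    """Summarise what opening a cache on rootdir would touch; writes nothing."""
    missing = paths_makedirs_would_create(rootdir, required)
    return {
        "readonly": is_readonly_mount(rootdir),
        "would_create": missing,
        "safe_to_open": not missing,
    }


if __name__ == "__main__":
    # Constructed sample tree: only var/lib/dpkg exists under the root.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "var/lib/dpkg"))
        report = preflight(root)
        print("read-only mount:", report["readonly"])
        print("\n".join("would create: " + p for p in report["would_create"]))
```

If `would_create` is non-empty and the root is mounted read-write, constructing the cache on that root would modify the inspected system even with `memonly=True`.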

