<--

Stuck reading fifo file in Apport

Aleph Research Advisory

Identifier

Severity

Moderate

Products

    • Apport
    • Ubuntu

Vulnerable Versions

    • Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5
    • Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16
    • Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23
    • Apport: Ubuntu 16.04 - Before 2.20.1-0ubuntu2.30

Technical Details

It is possible to stall Apport instance by making him read a FIFO file. Opening FIFO file for read will be blocked by default until someone open the same file for write.

Apport will look for existing crash file (which name can be known prior to execution) and open it (read). Creating FIFO file instead will stall Apport until we write to that file.

report = '%s/%s.%i.crash' % (apport.fileutils.report_dir, info['ExecutablePath'].replace('/', '_'), pidstat.st_uid)
      if os.path.exists(report):
          if apport.fileutils.seen_report(report):
              # do not flood the logs and the user with repeated crashes
              with open(report, 'rb') as f:
                  crash_counter = apport.fileutils.get_recent_crashes(f)
              crash_counter += 1
              if crash_counter > 1:
                  drop_privileges()
                  write_user_coredump(pid, cwd, core_ulimit)
                  error_log('this executable already crashed %i times, ignoring' % crash_counter)
                  sys.exit(0)
              # remove the old file, so that we can create the new one with
              # os.O_CREAT|os.O_EXCL
              os.unlink(report)

Timeline

  • 02-Feb-21
    : Public disclosure.
  • 02-Feb-21
    : Patch available.
  • 21-Jan-21
    : CVE-2021-25684 assigned.
  • 19-Jan-21
    : Reported.

Posts

Credit

External References