Bug#964776: debsums: Symlink loop detection bug - aborting debsums falsely for absolute non-looping symlinks

Peter Jakobi jakobi at acm.org
Fri Jul 10 12:28:18 BST 2020


Package: debsums
Version: 3.0.0
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Found first on ubuntu 20.04 with some of the longer history.

Basically, that system has an absolute symlink /lib/security
pointing to /lib/x86_64-linux-gnu/security, and some unlucky
packages placing files below /lib/security.

I recreated the issue on debian bullseye with w3m as the victim:

$ apt-get install w3m; cd /etc && { mv w3m w3m.orig && ln -s /etc/w3m.orig w3m; ls -ld w3m*;}
# undo with: test -d /etc/w3m.orig && { rm /etc/w3m; mv /etc/w3m.orig /etc/w3m; }



   * What exactly did you do (or not do) that was effective (or
     ineffective)?

On 20.04 I did run debsums without arguments to compare all checksums:
$ debsums

On bullseye I used for speed:
$ debsums -e | wc -l



   * What was the outcome of this action?

debsums on 20.04 aborted on encountering a file below /lib/security,
thus skipping testing of more than 90% of the installed files with
checksums.

The message is "debsums: Error: symlink loop detected in path 
'lib/security/pam_ecryptfs.so'. Please file a bug against ecryptfs-utils."

The files in question are:
$ ls -ld /lib/security/pam_ecryptfs.so /lib/security /lib/x86_64-linux-gnu/security /lib/x86_64-linux-gnu/security/pam_ecryptfs.so
lrwxrwxrwx 1 root root    30 Nov 19  2016 /lib/security -> /lib/x86_64-linux-gnu/security
-rw-r--r-- 1 root root 22920 Mar 18 09:17 /lib/security/pam_ecryptfs.so
drwxr-xr-x 2 root root  7168 Jul  9 02:45 /lib/x86_64-linux-gnu/security
-rw-r--r-- 1 root root 22920 Mar 18 09:17 /lib/x86_64-linux-gnu/security/pam_ecryptfs.so


On debian using w3m as mangled above, it aborts as well:

debsums: Error: symlink loop detected in path 'etc/w3m/mailcap'. Please file a bug against w3m.
# 963 files


   * What outcome did you expect instead?

Checking all files without aborting needlessly due to a symlink loop
that wasn't real.

Suggested (still annotated) fix. Did work ok for my mangled w3m 
and also detected/aborted correctly for a few intentional symlink
loops I created in addition:

--- debsumsmod 2020-07-10 13:16:15.366509726 +0200
+++ debsums 2020-05-21 23:15:27.000000000 +0200
@@ -476,20 +476,9 @@
             die "$self: Error: symlink loop detected in path '$path'. ",
                 "Please file a bug against $package.\n";
         }
-        # $seen{$fp} = 1; # BUG: this detects non-loops as soon as we have
-                          # absolute symlinks that shares a prefix
-                          # with a %seen. e.g. 
-                          # /lib/security -> /lib/x86_64/security
-                          # with path /lib/x86_64/security/pam_ecryptfs.so
-                          # after reading the link with $fp=//lib for
-                          # the second time, making debsums abort.
+        $seen{$fp} = 1;
         if (-l $fp) {
             my $link = readlink($fp);
-            # to FIX the bug, remember only the links we read, if we
-            # see the same readlink output twice, it's a loop
-            # tested OK for my case, as well as aborts on relative and absolute
-            # symlink loops of type a->a or  a/a->/etc/a w or w/o intermediate symlinks)
-            $seen{$fp} = 1;   
             @parts = () if $link =~ /^\//;
             unshift @tokens, split(/\//, $link);
         } else {
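
Review bot: the diff is generated in the wrong direction. The header reads "--- debsumsmod" / "+++ debsums", so the "-" lines are the proposed fix and the single "+" line ("$seen{$fp} = 1;" ahead of "if (-l $fp)") is the current behaviour; applied as posted to the modified file it would put the unconditional marking back. Please regenerate it with the stock debsums as the old file and debsumsmod as the new one. In the final version, drop the commented-out "# $seen{$fp} = 1;" line and the trailing whitespace after the moved assignment, and condense the annotation to a short comment saying that only paths actually passed to readlink are recorded in %seen.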

This now completes without errors and does see all checksummed files, e.g. on Bullseye:

debsumsmod -e | wc -l
1063 


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.98-custom (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C), LANGUAGE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages debsums depends on:
ii  libdpkg-perl          1.19.7
ii  libfile-fnmatch-perl  0.02-2+b7
ii  perl                  5.30.3-4
ii  ucf                   3.0043

debsums recommends no packages.

debsums suggests no packages.

-- no debconf information


-- 
cu
Peter
jakobi at acm.org
member 1702 of abibliophobes anonymous
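
Added example (not part of the original report and not debsums code): a small Python model of the component-by-component resolution visible in the patch context, run over constructed symlink tables that mirror the /lib/security and /etc/w3m cases above. The function names, the tables and the handling of empty components are assumptions; link targets containing "." or ".." are not modelled.

```python
class SymlinkLoop(Exception):
    """Raised with the path at which the check fired."""

def resolve(path, symlinks, mark_every_component):
    """Resolve path against a symlink table, one component at a time.

    mark_every_component=True  models the shipped check (every visited
    path is remembered); False models the suggested fix (only paths
    that were actually read as symlinks are remembered).
    """
    tokens = [t for t in path.split("/") if t]
    parts, seen = [], set()
    while tokens:
        token = tokens.pop(0)
        fp = "/" + "/".join(parts + [token])
        if fp in seen:
            raise SymlinkLoop(fp)
        if mark_every_component:
            seen.add(fp)
        if fp in symlinks:
            seen.add(fp)                 # a link we have now read once
            link = symlinks[fp]
            if link.startswith("/"):
                parts = []               # absolute target: restart at the root
            tokens = [t for t in link.split("/") if t] + tokens
        else:
            parts.append(token)
    return "/" + "/".join(parts)

def loop_at(path, symlinks, mark_every_component):
    """Return the path where a loop was reported, or None if resolution succeeded."""
    try:
        resolve(path, symlinks, mark_every_component)
    except SymlinkLoop as exc:
        return str(exc)
    return None

# Constructed symlink tables (sample data, not read from a real system).
UBUNTU = {"/lib/security": "/lib/x86_64-linux-gnu/security"}
W3M = {"/etc/w3m": "/etc/w3m.orig"}
RELATIVE = {"/lib/security": "x86_64-linux-gnu/security"}
LOOP_ABS = {"/etc/a": "/etc/b", "/etc/b": "/etc/a"}
LOOP_REL = {"/etc/a": "a"}

if __name__ == "__main__":
    for name, table, path in [("ubuntu", UBUNTU, "lib/security/pam_ecryptfs.so"),
                              ("w3m", W3M, "etc/w3m/mailcap"),
                              ("loop", LOOP_ABS, "etc/a/x")]:
        print(name, "shipped:", loop_at(path, table, True),
              "fixed:", loop_at(path, table, False))
```

In this model the false positive fires at the shared prefix (/lib or /etc) the second time it is visited after an absolute link resets the resolved parts; a relative link to the same target never revisits that prefix.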


