Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 796815 - app-admin/github-backup-utils[test]: leaks systemd service stop requests to system
Summary: app-admin/github-backup-utils[test]: leaks systemd service stop requests to s...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: William Hubbs
Depends on:
Reported: 2021-06-20 07:40 UTC by Michał Górny
Modified: 2021-06-20 15:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-06-20 07:40:51 UTC
While running the test suite, I repeatedly get a GUI window asking me for root password in order to 'stop consul.service'.  Sounds like a major command leak. 
 Not that I'm running such a service.
Comment 1 Mike Gilbert gentoo-dev 2021-06-20 15:40:22 UTC
Several tests call "ghe-restore", which calls "ssh ... sudo systemctl stop consul".

As well, the tests use a wrapper script for ssh that removes any "sudo" calls and runs the commands locally.

The end result is that "systemctl stop consul" gets executed directly as the portage user, which triggers a polkit prompt if portage is not running as root.
Comment 2 Mike Gilbert gentoo-dev 2021-06-20 15:46:05 UTC
ghe-restore attempts to perform many privileged operations, and it doesn't look like it was really designed for use in an isolated test environment.

I would recommend masking the test USE flag until/unless the tests can be made more safe for general use.