Tries to start sshd on port 1022 even in chroot, crashes if unable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubuntu-release-upgrader (Ubuntu) | Triaged | Medium | Unassigned |
Bug Description
When running do-release-upgrade inside a chroot, it insists on starting an emergency sshd on port 1022. If it’s not possible, for the likely reason that openssh-server is not installed inside the chroot, the upgrade process crashes.
In a chroot environment, starting such an sshd is not needed because there’s supposed to be one outside the chroot which the upgrade process shouldn’t be able to affect; also it’s a security issue because permissions inside the chroot may be lax due to the fact one needs to be root to get into the chroot in the first place (for example, I have an Ubuntu chroot environment on a Debian stable server for experimenting; I’ve given my user sudo NOPASSWD privileges, which is in itself safe but becomes a liability when the port 1022 sshd launches inside the chroot).
Given that the DistUpgrade module already has an inside_chroot() detection function, I suggest that the module only perform its _sshMagic() if no chroot is detected. Additionally, I suggest a command-line option to disable the port 1022 sshd if the administrator so desires.
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: python3-distupgrade 1:14.10.9
ProcVersionSign
Uname: Linux 3.16.0-25-generic i686
NonfreeKernelMo
ApportVersion: 2.14.7-0ubuntu8
Architecture: i386
CrashDB: ubuntu
CurrentDesktop: KDE
Date: Sat Dec 6 13:27:54 2014
PackageArchitec
SourcePackage: ubuntu-
UpgradeStatus: Upgraded to utopic on 2014-11-30 (5 days ago)
Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
tags: added: vivid
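The gating proposed in the bug description, as an added example (not code from ubuntu-release-upgrader). The chroot check below is a device/inode comparison against `/proc/1/root` chosen for illustration and is not the module's own `inside_chroot()`; the `--no-fallback-sshd` flag and all function names other than `inside_chroot` are hypothetical.

```python
import argparse
import os
import shutil


def inside_chroot(root="/", init_root="/proc/1/root"):
    """Return True/False, or None when it cannot be determined.

    Heuristic (an assumption, not the project's detection): a chrooted
    process sees a '/' whose device/inode differ from PID 1's root.
    """
    try:
        ours, init = os.stat(root), os.stat(init_root)
    except OSError:  # /proc not mounted, or not readable by this user
        return None
    return (ours.st_dev, ours.st_ino) != (init.st_dev, init.st_ino)


def fallback_sshd_decision(in_chroot, disabled, sshd_path):
    """Decide whether to launch the port 1022 sshd; never raises.

    An undetermined chroot state (None) is treated as "not in a chroot".
    """
    if disabled:
        return False, "disabled by administrator"
    if in_chroot:
        return False, "running inside a chroot"
    if not sshd_path:
        # The reported crash case: openssh-server absent. Skip, don't abort.
        return False, "sshd not installed; continuing without it"
    return True, "starting fallback sshd on port 1022"


def parse_args(argv):
    parser = argparse.ArgumentParser()
    # Hypothetical flag name; the report only asks that such an option exist.
    parser.add_argument("--no-fallback-sshd", action="store_true")
    return parser.parse_args(argv)


if __name__ == "__main__":
    args = parse_args(None)
    start, reason = fallback_sshd_decision(
        inside_chroot(), args.no_fallback_sshd, shutil.which("sshd"))
    print(start, reason)
```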