Devuan bug report logs - #498
libc6: Permission denied, intermittent in execve

Package: libc6; Reported by: Alessandro Vesely <[email protected]>; Keywords: debian; merged with #497; Forwarded to https://bugs.debian.org/966343; Maintainer for libc6 is (unknown).

Message received at [email protected]:

Date: Wed, 29 Jul 2020 00:14:54 +0200
From: Aurelien Jarno <[email protected]>
To: Alessandro Vesely <[email protected]>, [email protected]
Cc: [email protected]
Subject: Re: Bug#966343: bug#498: libc6: Permission denied, intermittent in
 execve
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
 <20200727101344.wovj4a2l4g4xb2hk@function>
 <20200727101344.wovj4a2l4g4xb2hk@function>
 <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
User-Agent: Mutt/1.14.0 (2020-05-02)

Hi,

On 2020-07-27 19:01, Alessandro Vesely wrote:
> On Mon, 27 Jul 2020 12:13:44 +0200 Samuel Thibault <[email protected]> wrote:
> > Alessandro Vesely, le lun. 27 juil. 2020 11:47:34 +0200, a ecrit:
> > > So this turns out to be a documentation bug.  The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.
> > 
> > Well, basically all system calls would then need this...
> 
> 
> Yeah, likely.  How many man pages have snippets like "[...] denied for one of the directories in the path [...]"?
>
> Yet, considering the following examples, they seem to have been written manually rather than resorting to some sort of script:

There are many syscalls that might end up returning EACCESS. Mapping
them to the corresponding libc functions might not be always fully
linear.

[snip]

> Philip Couling commented that the man page /could/ mention security extensions since they are prevelent. See:
> https://unix.stackexchange.com/questions/600174/identical-execve-causes-permission-denied-for-one-program-but-not-another/600529#comment1121270_600529
> 
> For execve, for example, one could add that permissions are not derived from file flags only.  For example:
> 
> OLD:
> 
>        EACCES Execute permission is denied for the file or a script or ELF interpreter.
> 
> NEW:
> 
>        EACCES Execute permission for the file or a script or ELF interpreter is denied either by flags or by security modules.
> 
> 
> Would that be correct?  Do all "DENIED" operations result in EACCES?  And what do other security modules do?  Hmm...  Starting to document that mess from the point of view of programs getting such failure codes would allow better logging and better troubleshooting.

That seems correct for apparmor (although it can also return ENOENT in
case of race condition), not sure about other security modules. seccomp
just kills the process, not sure you want to mention that in every
possible manpages.

In any case this is now out of scope for the glibc package, so I am
closing the bug. If you feel that the doc needs to be updated, please
open a bug against the corresponding package.

Regards,
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[email protected]                 http://www.aurel32.net

Acknowledgement sent to Aurelien Jarno <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Message received at [email protected]:

To: [email protected]
References: <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
 <20200727101344.wovj4a2l4g4xb2hk@function>
 <20200727101344.wovj4a2l4g4xb2hk@function>
Subject: Re: Bug#966343: bug#498: libc6: Permission denied, intermittent in
 execve
From: Alessandro Vesely <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Date: Mon, 27 Jul 2020 19:01:13 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200727101344.wovj4a2l4g4xb2hk@function>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On Mon, 27 Jul 2020 12:13:44 +0200 Samuel Thibault <[email protected]> wrote:
> Alessandro Vesely, le lun. 27 juil. 2020 11:47:34 +0200, a ecrit:
> > So this turns out to be a documentation bug.  The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.
> 
> Well, basically all system calls would then need this...


Yeah, likely.  How many man pages have snippets like "[...] denied for one of the directories in the path [...]"?

Yet, considering the following examples, they seem to have been written manually rather than resorting to some sort of script:


       EACCES The requested access to the file is not allowed, or search permission is denied for one of the directories in the  path
              prefix  of  pathname, or the file did not exist yet and write access to the parent directory is not allowed.  (See also
              path_resolution(7).)

       EACCES Search permission is denied on a component of the path prefix of filename or the name of a  script  interpreter.   (See
              also path_resolution(7).)

       EACCES Write access to the directory containing newpath is denied, or search permission is denied for one of  the  directories
              in the path prefix of oldpath or newpath.  (See also path_resolution(7).)

       EACCES Search permission is denied for a component of the path prefix, or the named file is not writable by  the  user.
              (See also path_resolution(7).)

       EACCES Search permission is denied on a component of the path prefix.  (See also path_resolution(7).)


Philip Couling commented that the man page /could/ mention security extensions since they are prevelent. See:
https://unix.stackexchange.com/questions/600174/identical-execve-causes-permission-denied-for-one-program-but-not-another/600529#comment1121270_600529

For execve, for example, one could add that permissions are not derived from file flags only.  For example:

OLD:

       EACCES Execute permission is denied for the file or a script or ELF interpreter.

NEW:

       EACCES Execute permission for the file or a script or ELF interpreter is denied either by flags or by security modules.


Would that be correct?  Do all "DENIED" operations result in EACCES?  And what do other security modules do?  Hmm...  Starting to document that mess from the point of view of programs getting such failure codes would allow better logging and better troubleshooting.


Best
Ale

Acknowledgement sent to Alessandro Vesely <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Message received at [email protected]:

Received: (at 498) by bugs.devuan.org; 27 Jul 2020 10:20:13 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 10:20:12 +0000 (UTC)
Received: from hera.aquilenet.fr (hera.aquilenet.fr [185.233.100.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 4717CF60B00
	for <[email protected]>; Mon, 27 Jul 2020 12:13:48 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hera.aquilenet.fr (Postfix) with ESMTP id 93BDA96FE;
	Mon, 27 Jul 2020 12:13:46 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
	by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id AhiH7Du3Bw43; Mon, 27 Jul 2020 12:13:46 +0200 (CEST)
Received: from function (lfbn-bor-1-797-11.w86-234.abo.wanadoo.fr [86.234.239.11])
	by hera.aquilenet.fr (Postfix) with ESMTPSA id ED57F96DF;
	Mon, 27 Jul 2020 12:13:45 +0200 (CEST)
Received: from samy by function with local (Exim 4.94)
	(envelope-from <[email protected]>)
	id 1k008e-003kur-QM; Mon, 27 Jul 2020 12:13:44 +0200
Date: Mon, 27 Jul 2020 12:13:44 +0200
From: Samuel Thibault <[email protected]>
To: Alessandro Vesely <[email protected]>, [email protected]
Cc: Mark Hindley <[email protected]>, [email protected]
Subject: Re: Bug#966343: bug#498: libc6: Permission denied, intermittent in
 execve
Message-ID: <20200727101344.wovj4a2l4g4xb2hk@function>
References: <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
Organization: I am not organized
User-Agent: NeoMutt/20170609 (1.8.3)
X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_HELO_PASS
	autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Alessandro Vesely, le lun. 27 juil. 2020 11:47:34 +0200, a ecrit:
> So this turns out to be a documentation bug.  The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.

Well, basically all system calls would then need this...

Samuel

Acknowledgement sent to Samuel Thibault <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Message received at [email protected]:

Received: (at 498) by bugs.devuan.org; 27 Jul 2020 10:00:01 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 10:00:01 +0000 (UTC)
Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 201D5F60C32
	for <[email protected]>; Mon, 27 Jul 2020 11:53:18 +0200 (CEST)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1jzzoq-0003A8-Vo; Mon, 27 Jul 2020 10:53:17 +0100
Received: (nullmailer pid 571 invoked by uid 1000);
	Mon, 27 Jul 2020 09:53:16 -0000
Date: Mon, 27 Jul 2020 10:53:16 +0100
From: Mark Hindley <[email protected]>
To: Alessandro Vesely <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: bug#498: libc6: Permission denied, intermittent in execve
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
 <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

On Mon, Jul 27, 2020 at 11:47:34AM +0200, Alessandro Vesely wrote:
> > However, one thought that occurs to me is whether apparmor is causing this? Does
> > disabling it[1] restore predictable behaviour?
> 
> Bingo!
> 
> Jul 27 09:47:25 pcale kernel: [ 1569.887279] audit: type=1400 audit(1595836045.642:33): apparmor="DENIED" operation="exec" profile="thunderbird" name="/opt/lib
> reoffice6.4/program/soffice" pid=5402 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> 
> I dunno how come apparmor got installed.  Probably it happened when I upgraded
> to Beowulf.

Yes, it is now the default in Debian buster and Devuan beowulf has inherited
that.

Mark

Acknowledgement sent to Mark Hindley <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Message received at [email protected]:

Received: (at 498) by bugs.devuan.org; 27 Jul 2020 09:50:23 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 09:50:23 +0000 (UTC)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with UTF8SMTPS id D6C5AF60C32
	for <[email protected]>; Mon, 27 Jul 2020 11:47:35 +0200 (CEST)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (1152-bit key; secure) header.d=tana.it [email protected] header.b="A6kMLst2";
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
	t=1595843255; bh=M1w3YBJGQluH11gn/N+C1Zi8PYChlxHGILJQ3x5KySM=;
	l=1391; h=To:References:From:Date:In-Reply-To;
	b=A6kMLst2zCCIa7U8NxwBLcfKFUIML9u5lPUS9uIjHwhXb7SjFwz3w8kWNrHyYeLOQ
	 B19W5bX9UFXIycht3ajcO8Qt7OctMUVgWViAvTvdlpSi0t3k+tN24xDZAZHPRdB5n1
	 OAWAsQa9OEg6IWTkLnPqGsyHCRgupXkxTH5R1xkVfyOTh+OlNQkG1CAsFwJ2E
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111])
  (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3,128bits,ECDHE_RSA_AES_128_GCM_SHA256)
  by wmail.tana.it with ESMTPSA
  id 00000000005DC056.000000005F1EA2B7.00007DA7; Mon, 27 Jul 2020 11:47:35 +0200
Subject: Re: bug#498: libc6: Permission denied, intermittent in execve
To: Mark Hindley <[email protected]>, [email protected],
  [email protected]
References: <[email protected]>
 <[email protected]>
 <[email protected]>
From: Alessandro Vesely <[email protected]>
Message-ID: <[email protected]>
Date: Mon, 27 Jul 2020 11:47:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Hi Mark,

On Mon 27/Jul/2020 11:14:01 +0200 Mark Hindley wrote:
> On Mon, Jul 27, 2020 at 10:32:15AM +0200, Alessandro Vesely wrote:
>> Package: libc6
>> Version: GNU C Library (Debian GLIBC 2.28-10) stable release version 2.28.
>> Severity: normal
>> 
>> in certain situations, execve fails setting errno to EACCESS.  The same
>> program, launched by the same user in different ways, succeeds or fails
>> according to preceding actions.
> 
> Thanks for this. As you have realised, libc6 is a Debian package that Devuan
> uses directly without recompilation so this issue is correctly dealt with in
> Debian's BTS.
> 
> However, one thought that occurs to me is whether apparmor is causing this? Does
> disabling it[1] restore predictable behaviour?


Bingo!

Jul 27 09:47:25 pcale kernel: [ 1569.887279] audit: type=1400 audit(1595836045.642:33): apparmor="DENIED" operation="exec" profile="thunderbird" name="/opt/lib
reoffice6.4/program/soffice" pid=5402 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

I dunno how come apparmor got installed.  Probably it happened when I upgraded to Beowulf.

After aa-teardown and purging apparmor, execve works as expected.

So this turns out to be a documentation bug.  The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.


Thank you so much
Ale

Acknowledgement sent to Alessandro Vesely <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Marked as found in versions 2.28-10. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Set bug forwarded-to-address to 'https://bugs.debian.org/966343'. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Added tag(s) debian. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Merged 497 498 Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Message received at [email protected]:

Received: (at 498) by bugs.devuan.org; 27 Jul 2020 09:20:12 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 09:20:12 +0000 (UTC)
Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id CD493F60B8A
	for <[email protected]>; Mon, 27 Jul 2020 11:14:03 +0200 (CEST)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1jzzCr-0002w4-HG; Mon, 27 Jul 2020 10:14:01 +0100
Received: (nullmailer pid 31961 invoked by uid 1000);
	Mon, 27 Jul 2020 09:14:01 -0000
Date: Mon, 27 Jul 2020 10:14:01 +0100
From: Mark Hindley <[email protected]>
To: Alessandro Vesely <[email protected]>, [email protected]
Subject: Re: bug#498: libc6: Permission denied, intermittent in execve
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debbugs-No-Ack: No Thanks
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Control: forcemerge 498 497
Control: tags -1 debian
Control: forwarded -1 https://bugs.debian.org/966343

Alessandro

On Mon, Jul 27, 2020 at 10:32:15AM +0200, Alessandro Vesely wrote:
> Package: libc6
> Version: GNU C Library (Debian GLIBC 2.28-10) stable release version 2.28.
> Severity: normal
> 
> 
> -------- Forwarded Message --------
> Subject: libc6: Permission denied, intermittent in execve
> Date: Mon, 27 Jul 2020 10:25:27 +0200
> From: Alessandro Vesely <[email protected]>
> To: Devuan Bug Tracking System <[email protected]>
> 
> 
> Dear Maintainer,
> 
> in certain situations, execve fails setting errno to EACCESS.  The same
> program, launched by the same user in different ways, succeeds or fails
> according to preceding actions.

Thanks for this. As you have realised, libc6 is a Debian package that Devuan
uses directly without recompilation so this issue is correctly dealt with in
Debian's BTS.

However, one thought that occurs to me is whether apparmor is causing this? Does
disabling it[1] restore predictable behaviour?

Thanks.

Mark


[1]  https://wiki.debian.org/AppArmor/HowToUse#Diagnose_if_a_bug_might_have_been_caused_by_AppArmor

Information forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Message received at [email protected]:

Received: (at submit) by bugs.devuan.org; 27 Jul 2020 08:40:13 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 08:40:13 +0000 (UTC)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with UTF8SMTPS id C4944F60ACF
	for <[email protected]>; Mon, 27 Jul 2020 10:32:16 +0200 (CEST)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (1152-bit key; secure) header.d=tana.it [email protected] header.b="CN9r887s";
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
	t=1595838735; bh=zC8GgG2OCI5+W/W4YcXYGCAFbHEHhoZfEyTck4VsPF0=;
	l=1573; h=References:To:Cc:From:Date:In-Reply-To;
	b=CN9r887spjYTEkNUAYUn8uQLJPSjHXm9mciyfVYhAr8mCqqWy3ZEcfOT8ApNweI1X
	 K/fhSKMLsrhgjC76PUed+tYDbFUlFvZDo5kMQoJgAU7MWIlw8SAMpbg4XQjF+E2Va0
	 5dK3Tbaw48bGCqlj0Sx5L2hZnjd7b1+MIhD2pKNDvQgeBM8mtkVB7GL79R4Z1
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111])
  (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3,128bits,ECDHE_RSA_AES_128_GCM_SHA256)
  by wmail.tana.it with ESMTPSA
  id 00000000005DC0B4.000000005F1E910F.00007409; Mon, 27 Jul 2020 10:32:15 +0200
Subject: libc6: Permission denied, intermittent in execve
References: <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Cc: Devuan Bug Tracking System <[email protected]>
From: Alessandro Vesely <[email protected]>
X-Forwarded-Message-Id: <[email protected]>
Message-ID: <[email protected]>
Date: Mon, 27 Jul 2020 10:32:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Package: libc6
Version: GNU C Library (Debian GLIBC 2.28-10) stable release version 2.28.
Severity: normal


-------- Forwarded Message --------
Subject: libc6: Permission denied, intermittent in execve
Date: Mon, 27 Jul 2020 10:25:27 +0200
From: Alessandro Vesely <[email protected]>
To: Devuan Bug Tracking System <[email protected]>


Dear Maintainer,

in certain situations, execve fails setting errno to EACCESS.  The same
program, launched by the same user in different ways, succeeds or fails
according to preceding actions.

None of the failure conditions for EACCESS is met.

The case at hand happens with an old version of Thunderbird and a LibreOffice
attachment.  After saving the attachment, Thunderbird execs gio-launch-desktop.
The latter tries to exec libreoffice6.4 and fails.

I strace'd the full arguments used in the failed execve(), and copied them to a
simple C program which runs just that execve() call.  When called from the
command line, the program succeeds.  Then I replaced the gio-launch-desktop
executable with my straw men.  When called from Thunderbird, the program fails.

See also:
https://unix.stackexchange.com/questions/600174/permission-denied-intermittent-in-execve


-- System Information:
Distributor ID: Debian
Description:    Devuan GNU/Linux 3 (beowulf)
Release:        3
Codename:       beowulf
Architecture: x86_64

Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8),
LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Acknowledgement sent to Alessandro Vesely <[email protected]>:
New bug report received and forwarded. Copy sent to [email protected].

Your message had a Version: pseudo-header with an invalid package version:

GNU C Library (Debian GLIBC 2.28-10) stable release version 2.28.

please either use found or fixed to the control server with a correct version, or reply to this report indicating the correct version so the maintainer (or someone else) can correct it for you.

Full text available.

Report forwarded to [email protected], [email protected]:
bug#498; Package libc6. Full text available.

Devuan bug report logs - #498 libc6: Permission denied, intermittent in execve

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Devuan bug report logs - #498
libc6: Permission denied, intermittent in execve