New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
app code attempting to delete /var/lib/securedrop/store #5031
Comments
Reproducer in dev:
|
this is due to the use of
this is what is deleting |
Gonna update the test plan to cover this case. Good catch! |
os.renames will silently delete directories, from the docs [0]: After the rename, directories corresponding to rightmost path segments of the old name will be pruned away using removedirs(). This caused the deletion of /var/lib/securedrop/store in #5031 Instead, let's use a modified version of os.renames that doesn't prune. [0] https://docs.python.org/3/library/os.html#os.renames [1] https://github.com/python/cpython/blob/master/Lib/os.py#L250
os.renames will silently delete directories, from the docs [0]: After the rename, directories corresponding to rightmost path segments of the old name will be pruned away using removedirs(). This caused the deletion of /var/lib/securedrop/store in #5031 Instead, let's use a modified version of os.renames that doesn't prune. [0] https://docs.python.org/3/library/os.html#os.renames [1] https://github.com/python/cpython/blob/master/Lib/os.py#L250
os.renames will silently delete directories, from the docs [0]: After the rename, directories corresponding to rightmost path segments of the old name will be pruned away using removedirs(). This caused the deletion of /var/lib/securedrop/store in freedomofpress#5031 Instead, let's use a modified version of os.renames that doesn't prune. [0] https://docs.python.org/3/library/os.html#os.renames [1] https://github.com/python/cpython/blob/master/Lib/os.py#L250 (cherry picked from commit 1fccef1)
Description
When I'm deleting files I'm seeing an OSSEC alert indicating that the app code is trying to rm
/var/lib/securedrop/store
(which contains all submissions). It's being stopped thanks to an AppArmor denial but this means there's a potentially very destructive bug and we need to carefully investigate why this is happening.Expected behavior
No OSSEC alert
Actual behavior
Comments
I would first investigate this method as it was recently merged and is performing deletions:
securedrop/securedrop/store.py
Line 235 in 1d8484e
The text was updated successfully, but these errors were encountered: