Allow unsafe characters if invoked as qubes.UnsafeFileCopy #497

DemiMarie · 2024-05-09T23:35:10Z

This uses QREXEC_SERVICE_FULL_NAME to detect what the service was invoked as. Non-empty arguments are reserved for future use.

This requires QubesOS/qubes-linux-utils#113.

Part of QubesOS/qubes-issues#8332

qubes-rpc/qfile-unpacker.c

Fixes a compiler warning.

Previously various invalid arguments were silently ignored or misparsed.

According to the manual page, setfsuid() does not provide any indication of success or failure. The only way to check if it succeeded is to call it again with -1 as the UID and check the return value.

This should never happen.

No functional change.

qubesos-bot · 2024-05-17T05:42:20Z

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.2&build=2024052002-4.2&flavor=pull-requests

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.2&build=2024051522-4.2&flavor=update

system_tests_basic_vm_qrexec_gui
- TC_00_Basic: test_120_start_standalone_with_cdrom_dom0 (failure)
  self.assertFalse(self.vm.is_runni... AssertionError: True is not false
system_tests_pvgrub_salt_storage
- TC_10_VMSalt_debian-12-xfce: test_000_simple_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_001_multi_state_highstate (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_003_update (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_004_user_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_000_simple_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_001_multi_state_highstate (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_003_update (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_004_user_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
system_tests_guivm_gui_interactive
- update_post_templates: Failed (test died)
  # Test died: command '(set -o pipefail; qubesctl --skip-dom0 --show...
system_tests_network_updates
- TC_00_Dom0Upgrade_whonix-gateway-17: test_010_instal (failure)
  Error: Failed to download metadata for repo 'test': Cannot download...
system_tests_basic_vm_qrexec_gui_zfs
- switch_pool: Failed (test died)
  # Test died: command 'qvm-start sys-firewall sys-usb' failed at /us...

Failed tests

20 failures

system_tests_basic_vm_qrexec_gui
- TC_00_Basic: test_120_start_standalone_with_cdrom_dom0 (failure)
  self.assertFalse(self.vm.is_runni... AssertionError: True is not false
system_tests_pvgrub_salt_storage
- [unstable] TC_41_HVMGrub_fedora-39-xfce: test_000_standalone_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- [unstable] TC_41_HVMGrub_fedora-39-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_10_VMSalt_debian-12-xfce: test_000_simple_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_001_multi_state_highstate (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_003_update (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_debian-12-xfce: test_004_user_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_000_simple_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_001_multi_state_highstate (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_003_update (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
- TC_10_VMSalt_fedora-39-xfce: test_004_user_sls (failure)
  AssertionError: Salt command '['qubesctl', '--skip-dom0', '--show-o...
system_tests_extra
- [unstable] TC_00_QVCTest_fedora-39-xfce: test_020_webcam (failure)
  AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
- [unstable] TC_00_QVCTest_whonix-workstation-17: test_020_webcam (failure)
  AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
system_tests_guivm_gui_interactive
- update_post_templates: Failed (test died)
  # Test died: command '(set -o pipefail; qubesctl --skip-dom0 --show...
system_tests_usbproxy
- [unstable] TC_20_USBProxy_core3_whonix-gateway-17: test_070_attach_not_installed_front (error)
  qubesusbproxy.core3ext.QubesUSBException: Device attach failed: 202...
system_tests_network_updates
- [unstable] TC_00_Dom0Upgrade_whonix-gateway-17: test_001_update_check (failure)
  self.assertTrue(self.app.domains[0].... AssertionError: '' is not true
- TC_00_Dom0Upgrade_whonix-gateway-17: test_010_instal (failure)
  Error: Failed to download metadata for repo 'test': Cannot download...
- [unstable] TC_11_QvmTemplateMgmtVM_whonix-gateway-17: test_000_template_list (failure)
  AssertionError: libvirt event impl drain timeout
- [unstable] TC_11_QvmTemplateMgmtVM_whonix-gateway-17: test_010_template_install (failure)
  qvm-template: error: Template 'debian-12-minimal' not found.
system_tests_basic_vm_qrexec_gui_zfs
- switch_pool: Failed (test died)
  # Test died: command 'qvm-start sys-firewall sys-usb' failed at /us...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/99767#dependencies

2 fixed

system_tests_splitgpg
- TC_10_Thunderbird_whonix-workstation-17: test_020_send_receive_inline_with_attachment (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
system_tests_extra
- TC_00_QVCTest_fedora-39-xfce: test_010_screenshare (failure)
  AssertionError: 9.245682312951294 not less than 2.0

Unstable tests

system_tests_basic_vm_qrexec_gui
TC_20_AudioVM_Pulse_whonix-workstation-17/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 99696 AssertionError: too short audio, expected 10s, got 8.54371882086167...
TC_20_AudioVM_PipeWire_debian-12-xfce/test_250_audio_playback_audiovm_pipewire (1/5 times with errors)
- job 98601 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 99742 AssertionError: pacat for test-inst-vm1 (xid 82) running(False) in ...
system_tests_network
VmNetworking_debian-12-xfce/test_010_simple_proxyvm (1/5 times with errors)
- job 99274 subprocess.CalledProcessError: Command 'qubes.WaitForSession' retur...
system_tests_pvgrub_salt_storage
TC_41_HVMGrub_debian-12-xfce/test_000_standalone_vm (2/5 times with errors)
- job 99277 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99754 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-39-xfce/test_000_standalone_vm (4/5 times with errors)
- job 98613 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99277 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99708 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99754 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_debian-12-xfce/test_010_template_based_vm (1/5 times with errors)
- job 99277 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-39-xfce/test_010_template_based_vm (4/5 times with errors)
- job 98613 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99277 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99708 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 99754 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_splitgpg
TC_10_Thunderbird_fedora-39-xfce/test_020_send_receive_inline_with_attachment (1/5 times with errors)
- job 99710 dogtail.tree.SearchError: child of [desktop frame | main]: "Thunder...
system_tests_extra
TC_00_InputProxy_fedora-39-xfce/test_000_simple_mouse (1/5 times with errors)
- job 99691 AssertionError: unexpectedly None : Device 'test-inst-input: Test i...
TC_00_QVCTest_debian-12-xfce/test_010_screenshare (1/5 times with errors)
- job 99737 AssertionError: 9.793200823132148 not less than 2.0
TC_00_QVCTest_debian-12-xfce/test_020_webcam (2/5 times with errors)
- job 99260 self.assertTrue(frame)... AssertionError: b'' is not true
- job 99691 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
TC_00_QVCTest_fedora-39-xfce/test_020_webcam (3/5 times with errors)
- job 99260 self.assertEqual(len(img1), len(img2))... AssertionError: 2359296 != 0
- job 99691 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
- job 99737 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
TC_00_QVCTest_whonix-gateway-17/test_020_webcam (2/5 times with errors)
- job 99292 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
- job 99691 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
TC_00_QVCTest_whonix-workstation-17/test_020_webcam (2/5 times with errors)
- job 98596 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
- job 99292 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
system_tests_usbproxy
TC_20_USBProxy_core3_whonix-gateway-17/test_070_attach_not_installed_front (1/5 times with errors)
- job 99730 qubesusbproxy.core3ext.QubesUSBException: Device attach failed: 202...
TC_20_USBProxy_core3_whonix-workstation-17/test_070_attach_not_installed_front (1/5 times with errors)
- job 98333 qubesusbproxy.core3ext.QubesUSBException: Device attach failed: 202...
TC_20_USBProxy_core3_debian-12-xfce/test_090_attach_stubdom (1/5 times with errors)
- job 98333 AssertionError: 1 != 0 : Device connection failed
TC_20_USBProxy_core3_fedora-39-xfce/test_090_attach_stubdom (1/5 times with errors)
- job 98333 AssertionError: 1 != 0 : Device connection failed
system_tests_qrexec
TC_00_Qrexec_whonix-gateway-17/test_055_qrexec_dom0_service_abort (1/5 times with errors)
- job 99755 AssertionError: Timeout, probably stdout wasn't closed
system_tests_network_updates
TC_10_QvmTemplate_debian-12-xfce/test_000_template_list (1/5 times with errors)
- job 99276 AssertionError: libvirt event impl drain timeout
TC_10_QvmTemplate_fedora-39-xfce/test_000_template_list (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_10_QvmTemplate_whonix-gateway-17/test_000_template_list (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_debian-12-xfce/test_000_template_list (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_fedora-39-xfce/test_000_template_list (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_whonix-gateway-17/test_000_template_list (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_00_Dom0Upgrade_debian-12-xfce/test_001_update_check (1/5 times with errors)
- job 99707 self.assertFalse(self.app.domains[... AssertionError: '1' is not false
TC_00_Dom0Upgrade_fedora-39-xfce/test_001_update_check (1/5 times with errors)
- job 99707 self.assertFalse(self.app.domains[... AssertionError: '1' is not false
TC_00_Dom0Upgrade_whonix-gateway-17/test_001_update_check (2/5 times with errors)
- job 99276 self.assertTrue(self.app.domains[0].... AssertionError: '' is not true
- job 99707 self.assertFalse(self.app.domains[... AssertionError: '1' is not false
TC_10_QvmTemplate_debian-12-xfce/test_010_template_install (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_10_QvmTemplate_fedora-39-xfce/test_010_template_install (2/5 times with errors)
- job 97631 AssertionError: libvirt event impl drain timeout
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_10_QvmTemplate_whonix-gateway-17/test_010_template_install (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_debian-12-xfce/test_010_template_install (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_fedora-39-xfce/test_010_template_install (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
TC_11_QvmTemplateMgmtVM_whonix-gateway-17/test_010_template_install (1/5 times with errors)
- job 99276 ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
VmUpdates_debian-12-xfce/test_130_no_network_qubes_vm_update (1/5 times with errors)
- job 99276 AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
VmUpdates_fedora-39-xfce/test_130_no_network_qubes_vm_update (1/5 times with errors)
- job 99276 AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
system_tests_dispvm
TC_20_DispVM_whonix-workstation-17/test_030_edit_file (1/5 times with errors)
- job 99747 AssertionError: Timeout while waiting for disp[0-9]* window to show
TC_20_DispVM_fedora-39-xfce/test_100_open_in_dispvm (3/5 times with errors)
- job 98606 AssertionError: Timeout waiting for editor window
- job 99270 AssertionError: './open-file test.txt' failed with ./open-file test...
- job 99293 AssertionError: Timeout waiting for editor window
system_tests_basic_vm_qrexec_gui_btrfs
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_222_audio_rec_unmuted_pulseaudio (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 99743 AssertionError: pacat for test-inst-vm1 (xid 86) running(False) in ...
system_tests_basic_vm_qrexec_gui_ext4
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_252_audio_playback_audiovm_switch_hvm (1/4 times with errors)
- job 99744 AssertionError: pacat for test-inst-vm1 (xid 85) running(False) in ...
system_tests_basic_vm_qrexec_gui@hw1
TC_20_AudioVM_Pulse_whonix-workstation-17/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 99696 AssertionError: too short audio, expected 10s, got 8.54371882086167...
TC_20_AudioVM_PipeWire_debian-12-xfce/test_250_audio_playback_audiovm_pipewire (1/5 times with errors)
- job 98601 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 99742 AssertionError: pacat for test-inst-vm1 (xid 82) running(False) in ...
system_tests_basic_vm_qrexec_gui_xfs
TC_20_NonAudio_fedora-39-xfce-pool/test_000_start_shutdown (1/5 times with errors)
- job 99268 raise exceptions.TimeoutError() from exc... TimeoutError
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 99268 raise exceptions.TimeoutError() from exc... TimeoutError
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 99268 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 99745 AssertionError: pacat for test-inst-vm1 (xid 86) running(False) in ...
system_tests_basic_vm_qrexec_gui_zfs
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 98335 AssertionError: only silence detected, no useful audio data
- job 99686 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 98335 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 98335 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 99758 AssertionError: pacat for test-inst-vm1 (xid 86) running(False) in ...

marmarek

This PR is missing actually introducing qubes.UnsafeFilecopy service. And also changing qvm-copy to choose service based on files to be copied (see QubesOS/qubes-issues#8332 (comment))

There is no good reason not to use these flags.

This requires QubesOS/qubes-linux-utils#113. It also adds a new argument parser based on getopt_long(), which is used instead of the old hand-rolled code unless there are at least two arguments and the first one starts with an ASCII digit. Part of QubesOS/qubes-issues#8332

This is mostly identical to qubes.Filecopy, but it skips character set checking. In the future, this might be replaced by arguments to the qubes.Filecopy service, but for now, the explicit "Unsafe" in the service name is easier for users to understand.

marmarek requested changes May 10, 2024

View reviewed changes

qubes-rpc/qfile-unpacker.c Outdated Show resolved Hide resolved

DemiMarie force-pushed the less-safe-unpack branch from ed6aa8c to 95a30dd Compare May 14, 2024 02:02

marmarek requested changes May 14, 2024

View reviewed changes

qubes-rpc/qfile-unpacker.c Outdated Show resolved Hide resolved

DemiMarie added 5 commits May 14, 2024 20:00

Make prepare_creds_return_dir() static

2b05340

Fixes a compiler warning.

Validate user ID arguments

15a4243

Previously various invalid arguments were silently ignored or misparsed.

Correctly check for success of setfsuid()

6ac6fc9

According to the manual page, setfsuid() does not provide any indication of success or failure. The only way to check if it succeeded is to call it again with -1 as the UID and check the return value.

Exit if getpwuid() returned entry for wrong user

702467a

This should never happen.

Explain why the return value of mkdir() is ignored

a3447da

No functional change.

DemiMarie force-pushed the less-safe-unpack branch from 95a30dd to 9d625db Compare May 15, 2024 00:55

DemiMarie requested a review from marmarek May 15, 2024 00:56

marmarek added the openqa-pending label May 17, 2024

marmarek added openqa-pending and removed openqa-pending labels May 17, 2024

marmarek requested changes May 20, 2024

View reviewed changes

DemiMarie marked this pull request as draft May 20, 2024 21:14

DemiMarie added 3 commits May 20, 2024 21:02

Use O_CLOEXEC | O_NOCTTY to open a directory

04d2561

There is no good reason not to use these flags.

Add qubes.UnsafeFileCopy service

a95d3e9

This is mostly identical to qubes.Filecopy, but it skips character set checking. In the future, this might be replaced by arguments to the qubes.Filecopy service, but for now, the explicit "Unsafe" in the service name is easier for users to understand.

DemiMarie force-pushed the less-safe-unpack branch from 9d625db to a95d3e9 Compare May 21, 2024 01:03

marmarek removed the openqa-pending label May 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow unsafe characters if invoked as qubes.UnsafeFileCopy #497

Allow unsafe characters if invoked as qubes.UnsafeFileCopy #497

DemiMarie commented May 9, 2024 •

edited

qubesos-bot commented May 17, 2024 •

edited

marmarek left a comment

Allow unsafe characters if invoked as qubes.UnsafeFileCopy #497

Are you sure you want to change the base?

Allow unsafe characters if invoked as qubes.UnsafeFileCopy #497

Conversation

DemiMarie commented May 9, 2024 • edited

qubesos-bot commented May 17, 2024 • edited

OpenQA test summary

New failures, excluding unstable

Failed tests

Fixed failures

Unstable tests

marmarek left a comment

Choose a reason for hiding this comment

DemiMarie commented May 9, 2024 •

edited

qubesos-bot commented May 17, 2024 •

edited