GNU bug report logs

#47576 [security] ibus-daemon launches ungrafted subprocesses

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #11 received at 47576@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47576) by debbugs.gnu.org; 3 Apr 2021 07:14:32 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 03 03:14:32 2021
Received: from localhost ([127.0.0.1]:33197 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lSaUK-0003lM-08
	for submit@debbugs.gnu.org; Sat, 03 Apr 2021 03:14:32 -0400
Received: from world.peace.net ([64.112.178.59]:37398)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1lSaUJ-0003lA-8P
 for 47576@debbugs.gnu.org; Sat, 03 Apr 2021 03:14:31 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lSaUC-0004Vb-PV; Sat, 03 Apr 2021 03:14:24 -0400
From: Mark H Weaver <mhw@netris.org>
To: 47576@debbugs.gnu.org
Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses
In-Reply-To: <87pmzcdljm.fsf@netris.org>
References: <87pmzcdljm.fsf@netris.org>
Date: Sat, 03 Apr 2021 03:12:46 -0400
Message-ID: <877dljdenq.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47576
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Earlier, I wrote:
> Looking for references to the old 'glib' was the *first* thing I
> checked.  I haven't yet checked anything else, so I don't know how
> widespread this problem is.

I looked for other ungrafted libraries loaded on my system, and I'm glad
to report that I see no evidence of any grafting problem other than this
'ibus-daemon' issue.

The following ungrafted libraries are loaded by processes from the
mysterious old version of 'ibus' on my system: glib, cairo, and libx11.
I still have no clue where the reference to that mysterious old version
(/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22) is coming
from.

Are other people seeing this?  Here's an easy way to check:

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ ps axf | grep -e -ibus-
  402 tty7     Sl     0:00  |           |   \_ /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
  407 tty7     Sl     0:00  |           |       \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
  450 tty7     Sl     0:00  |           |       \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
  798 tty8     Sl     0:00              |   \_ /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
  804 tty8     Sl     0:00              |   |   \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
  805 tty8     Sl     0:01              |   |   \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-extension-gtk3
  894 tty8     Sl     0:00              |   |   \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
 2246 pts/0    S+     0:00              |   |   |   \_ grep -e -ibus-
  409 tty7     Sl     0:00 /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/libexec/ibus-x11 --kill-daemon
  808 tty8     Sl     0:00 /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/libexec/ibus-x11 --kill-daemon
--8<---------------cut here---------------end--------------->8---

If you run this command, do you also see different 'ibus' store items
used by the daemon and its subprocesses?

      Mark

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 02:02:35 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.