#47576 [security] ibus-daemon launches ungrafted subprocesses

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

Received: (at submit) by debbugs.gnu.org; 3 Apr 2021 04:45:47 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 03 00:45:47 2021
Received: from localhost ([127.0.0.1]:33101 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lSYAN-0007BL-0Y
	for submit@debbugs.gnu.org; Sat, 03 Apr 2021 00:45:47 -0400
Received: from lists.gnu.org ([209.51.188.17]:45388)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1lSYAL-0007A4-RD
 for submit@debbugs.gnu.org; Sat, 03 Apr 2021 00:45:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:33194)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1lSYAL-0004Pe-Jx
 for bug-guix@gnu.org; Sat, 03 Apr 2021 00:45:45 -0400
Received: from world.peace.net ([64.112.178.59]:47688)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1lSYAJ-0006Qb-Di
 for bug-guix@gnu.org; Sat, 03 Apr 2021 00:45:45 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lSYAG-0002ib-Vt; Sat, 03 Apr 2021 00:45:41 -0400
From: Mark H Weaver <mhw@netris.org>
To: bug-guix@gnu.org
Subject: [security] ibus-daemon launches ungrafted subprocesses
Date: Sat, 03 Apr 2021 00:44:02 -0400
Message-ID: <87pmzcdljm.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org;
 helo=world.peace.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Several processes on my Guix system load shared libraries from the
*ungrafted* glib: specifically, all of the subprocesses of
'ibus-daemon'.

The 'ibus-daemon' process itself seems to be properly grafted.  However,
its subprocesses are from an old, ungrafted build of 'ibus':

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ pstree -up 796
.ibus-daemon-re(796,mhw)─┬─.ibus-dconf-rea(803)─┬─{.ibus-dconf-rea}(806)
                         │                      └─{.ibus-dconf-rea}(807)
                         ├─.ibus-engine-si(892)─┬─{.ibus-engine-si}(917)
                         │                      └─{.ibus-engine-si}(918)
                         ├─.ibus-extension(804)─┬─{.ibus-extension}(810)
                         │                      ├─{.ibus-extension}(811)
                         │                      └─{.ibus-extension}(819)
                         ├─{.ibus-daemon-re}(797)
                         └─{.ibus-daemon-re}(798)
mhw@jojen ~$ ps -fq 796,803,892,804
UID        PID  PPID  C STIME TTY          TIME CMD
mhw        796   698  0 00:10 tty8     00:00:00 /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
mhw        803   796  0 00:10 tty8     00:00:00 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
mhw        892   796  0 00:10 tty8     00:00:00 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
mhw        804   796  2 00:10 tty8     00:00:01 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-extension-gtk3
--8<---------------cut here---------------end--------------->8---

(The same issue occurs for the 'ibus-daemon' that's owned by 'gdm').

/gnu/store/radg…-ibus-1.5.22 seems to be the properly grafted 'ibus',
replacing the ungrafted /gnu/store/wnqv…-ibus-1.5.22 which I last built
on February 2nd: (I don't use substitutes)

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ bzcat $(guix build --log-file /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22)
grafting '/gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22' -> '/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22'...
mhw@jojen ~$ ls -l $(guix build --log-file /gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22)
-rw-r--r-- 1 root root 24923 Feb  2 10:35 /var/log/guix/drvs/hx/qpdblmghj7pvg0ni2l38p0a1s4igbd-ibus-1.5.22.drv.bz2
--8<---------------cut here---------------end--------------->8---

The reference scanner does not see any references to any other 'ibus',
from either my system, my user profile, or the grafted 'ibus':

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ guix gc -R $(readlink -f /run/current-system) | grep -e -ibus-
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
mhw@jojen ~$ guix gc -R $(readlink -f ~/.guix-profile) | grep -e -ibus-
mhw@jojen ~$ guix gc -R /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22 | grep -e -ibus-
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
--8<---------------cut here---------------end--------------->8---

Interestingly, the subprocesses are *not* from the ungrafted 'ibus' that
I last built on February 2nd.  Instead, they are from a much older
ungrafted 'ibus', which I last built on December 20th of last year:

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ ls -l $(guix build --log-file /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22)
-rw-r--r-- 1 root root 24981 Dec 20 20:33 /var/log/guix/drvs/sn/k6581cpk6n8q3dvsarqmqimhx0n2i2-ibus-1.5.22.drv.bz2
--8<---------------cut here---------------end--------------->8---

I'm at a bit of a loss of where this much older, ungrafted 'ibus' is
coming from.  Running "guix build ibus", with and without grafts, give
the other two 'ibus' store items:

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ guix build ibus --no-grafts
/gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22
mhw@jojen ~$ guix build ibus
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
--8<---------------cut here---------------end--------------->8---

Is there another variant of the 'ibus' package hiding somewhere?
Where is "/gnu/store/a4r6…-ibus-1.5.22" coming from?

I don't know that I'll have the energy to investigate this further
anytime soon, so I'm hoping that someone else will pick this up.

* * *

FYI, I discovered this while doing sanity checks on my new preliminary
grafting implementation (which supports rewriting UTF-16/32 store
references).  Looking for references to the old 'glib' was the *first*
thing I checked.  I haven't yet checked anything else, so I don't know
how widespread this problem is.

       Mark

Send a report that this bug log contains spam.