dx-packages team mailing list archive

Thread
Date

[Bug 1974250] Re: ~/.pam_environment gets created as owned by root

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <1974250@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 May 2022 11:31:55 -0000
Reply-to: Bug 1974250 <1974250@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

** Also affects: accountsservice (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: accountsservice (Ubuntu Kinetic)
   Importance: High
       Status: Fix Released

** Changed in: accountsservice (Ubuntu Jammy)
       Status: New => Fix Released

** Changed in: accountsservice (Ubuntu Kinetic)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to accountsservice in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1974250

Title:
  ~/.pam_environment gets created as owned by root

Status in accountsservice package in Ubuntu:
  Confirmed
Status in accountsservice source package in Jammy:
  Fix Released
Status in accountsservice source package in Kinetic:
  Confirmed

Bug description:
  Something has happened lately with accountsservice, which makes it act
  as root instead of the current user when creating ~/.pam_environment.
  The very old bug #904395 comes to mind, and this smells a security
  issue.

  The function which is supposed to prevent this behavior is here:

  https://salsa.debian.org/freedesktop-
  team/accountsservice/-/blob/ubuntu/debian/patches/0010-set-
  language.patch#L75

  Haven't investigated further yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250/+subscriptions