group.of.nepali.translators team mailing list archive

[Eric Desrochers <eric.desrochers@xxxxxxxxxxxxx>]

Public bug reported:

[IMPACT]

[TEST CASE]

[REGRESSION POTENTIAL]

[OTHER INFORMATION]

Debbug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

This is fixing a CVE vulnerability:
https://security-tracker.debian.org/tracker/CVE-2016-2779

Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
http://www.openwall.com/lists/oss-security/2016/02/27/1
https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
2.31 introduces a new --pty option to separate privileged and unprivileged
shells (not enabled by default and the cli switch is necessary).

[ORIGINAL DESCRIPTION]
After a discussion with security team on what would be their recommended way to run command as 'juju-user' inside the sosreport juju plugin which is run as root, in order to avoid using 'sudo' or 'su' command.

The recommendation was to use 'runuser -P'

runuser PTY support is present in Bionic and late, but not in Xenial.

I'm opening this bug in the effort to update util-linux/runuser code in
Xenial to add the PTY support.

** Affects: util-linux (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: util-linux (Ubuntu Xenial)
     Importance: Undecided
         Status: New


** Tags: sts

** Tags added: sts

** Also affects: util-linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: util-linux (Ubuntu)
       Status: New => Fix Released

** Description changed:

- After a discussion with security team on what would be their recommended
- way to run command as 'juju-user' inside the sosreport juju plugin which
- is run as root, in order to avoid using 'sudo' or 'su' command.
+ [IMPACT]
+ 
+ [TEST CASE]
+ 
+ [REGRESSION POTENTIAL]
+ 
+ [OTHER INFORMATION]
+ 
+ Debbug:
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
+ 
+ This is fixing a CVE vulnerability:
+ https://security-tracker.debian.org/tracker/CVE-2016-2779
+ 
+ Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
+ http://www.openwall.com/lists/oss-security/2016/02/27/1
+ https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
+ 2.31 introduces a new --pty option to separate privileged and unprivileged
+ shells (not enabled by default and the cli switch is necessary).
+ 
+ [ORIGINAL DESCRIPTION]
+ After a discussion with security team on what would be their recommended way to run command as 'juju-user' inside the sosreport juju plugin which is run as root, in order to avoid using 'sudo' or 'su' command.
  
  The recommendation was to use 'runuser -P'
  
  runuser PTY support is present in Bionic and late, but not in Xenial.
  
  I'm opening this bug in the effort to update util-linux/runuser code in
  Xenial to add the PTY support.

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  New

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way to run command as 'juju-user' inside the sosreport juju plugin which is run as root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions