I experience this same behaviour using lightdm + KDE plasma.
I've also tested lightdm + unity which did not trigger this behaviour.
This install uses local passwd/shadow/group files.
Both tests were after a fresh boot.

harm@harm-XPS-13-9360:~$ lsb_release -a; cat /proc/version
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic
Linux version 4.15.0-29-generic (buildd@lgw01-amd64-057) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018

harm@harm-XPS-13-9360:~$ groups; groups $(whoami)
harm
harm : harm adm dialout cdrom sudo dip plugdev netdev lpadmin sambashare libvirt docker

harm@harm-XPS-13-9360:~$ id; id $(whoami)
uid=1000(harm) gid=1000(harm) groups=1000(harm)
uid=1000(harm) gid=1000(harm) groups=1000(harm),4(adm),20(dialout),24(cdrom),27(sudo),30(dip),46(plugdev),109(netdev),113(lpadmin),128(sambashare),135(libvirt),999(docker)

harm@harm-XPS-13-9360:~$ cat /etc/nsswitch.conf 
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat systemd
group:          compat systemd
shadow:         compat
gshadow:        files

hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1784964

Title:
  Regression due to CVE-2018-1116 (processes not inheriting user's
  groups)

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  This report is tracking a possible regression caused by the recent
  CVE-2018-1116 patches to policykit-1.

  On 18.04, since package upgrades on July 23rd, and after the first
  reboot since then on Aug 1st, I hit an issue with the primary (sudo,
  adm, etc...) user getting Permission Denied trying to do:

  tail -f /var/log/syslog

  when that file is owned by syslog:adm and is g=r.

  I then found that "groups" reports only the $USER and not the entire
  list, but "groups $USER" reports all the groups correctly.

  The user shell is set to /usr/bin/tmux and /etc/tmux.conf has "set -g
  default-shell /bin/bash"

  After changing the user's shell back to /bin/bash and logging in on
  tty1 the list of groups shows correctly for the /bin/bash process
  running on tty1.

  I investigated and found that for the affected processes, such as the
  tmux process, /proc/$PID/loginuid = 4294967295  whereas the /bin/bash
  process on tty1 correctly reported 1000. The same with the respective
  gid_map and uid_map.

  4294967295 == -1 == 0xFFFFFFFF

  The recent CVE patch to policykit has several functions where it does
  "uid = -1" which seems to tie in to my findings so far.

  I also noticed Ubuntu is still based on version 0.105 which was
  released in 2012 - upstream released 0.115 with the CVE patch.

  I suspect the backporting has missed something.

  The Ubuntu backport patch is:

  https://git.launchpad.net/ubuntu/+source/policykit-1/commit/?h=applied/ubuntu/bionic-devel&id=840c50182f5ab1ba28c1d20cce4c207364852935

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
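The check the bug description does by hand (comparing `groups` with `groups $USER` and looking at /proc/$PID/loginuid) can be scripted for any process. This is an added example, not code from the bug report or from policykit-1; it parses the text formats of /proc/<pid>/status and `getent group`, and the sample input is constructed from the gids shown above.

```python
UNSET_LOGINUID = 4294967295  # (uid_t)-1: the loginuid the reporter saw on affected processes

# Constructed sample (not captured output): a tmux process of uid 1000 that kept
# only its primary gid, beside a few `getent group` lines naming user harm.
SAMPLE_STATUS = ("Name:\ttmux\nUid:\t1000\t1000\t1000\t1000\n"
                 "Gid:\t1000\t1000\t1000\t1000\nGroups:\t1000 \n")
SAMPLE_GETENT = ("adm:x:4:syslog,harm\ndialout:x:20:harm\nsudo:x:27:harm\n"
                 "harm:x:1000:\ndocker:x:999:harm\n")


def parse_status(text):
    """Return (effective uid, effective gid, set of supplementary gids) from /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uid = int(fields["Uid"].split()[1])   # columns: real effective saved fs
    gid = int(fields["Gid"].split()[1])
    return uid, gid, {int(g) for g in fields.get("Groups", "").split()}


def expected_groups(getent_text, user, primary_gid):
    """Primary gid plus every `getent group` entry whose member list names the user."""
    gids = {primary_gid}
    for line in getent_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and user in parts[3].split(","):
            gids.add(int(parts[2]))
    return gids


def diagnose(status_text, loginuid_text, getent_text, user):
    """Report the gids the process lacks and whether its loginuid is unset."""
    uid, gid, have = parse_status(status_text)
    want = expected_groups(getent_text, user, gid)
    return {"uid": uid,
            "missing_groups": sorted(want - have),
            "loginuid_unset": int(loginuid_text.strip()) == UNSET_LOGINUID}


def diagnose_pid(pid, user):
    """Same check against a live process; needs /proc and getent (Linux only)."""
    import subprocess
    with open("/proc/%d/status" % pid) as f, open("/proc/%d/loginuid" % pid) as g:
        status, loginuid = f.read(), g.read()
    return diagnose(status, loginuid, subprocess.check_output(["getent", "group"]).decode(), user)


if __name__ == "__main__":
    print(diagnose(SAMPLE_STATUS, "4294967295\n", SAMPLE_GETENT, "harm"))
```

A process that started from a correct login session reports no missing groups and a numeric loginuid; the affected tmux process in the report would show both symptoms.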
