This does not really fix security because one aspect of security is
availability to legitimate users and this breaks the latter. Seems
there are better ways to fix such as restricting what this can write to
with apparmor? Or just fixing the coding so it does parse the input
more carefully.
--
Y
For context, this change was introduced in
https://ubuntu.com/security/notices/USN-6719-2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064685
Title:
write says write: effective gid does not match
Hello Robert, I believe this is intentional.
If you wish to restore the previous behavior, it should be sufficient to
change /usr/bin/write.ul to root:tty 02755.
Thanks
** Changed in: util-linux (Ubuntu)
Status: New => Confirmed
** Information type changed from Private Security to Public