I am beginning to suspect this is a systemd-logind issue. I've been thinking it's logind but just checked the upgrade packages to/from versions and cross-checked against the changelogs.
    systemd:amd64 (237-3ubuntu10, 237-3ubuntu10.3),

And we have a major change to logind included in that:

systemd (237-3ubuntu10.2) bionic; urgency=medium

  * logind: backport v238/v239 fixes for handling DRM devices.
    These changes introduce all the fixes that correct handling of open fd's
    related to the DRM devices, as used by for example NVIDIA GPUs. This
    backport includes some refactoring, corrections, and comment
    updates. This to insure that correct history is preserved, code comments
    match reality, and to ease backporting logind fixes in the future
    SRUs. (LP: #1777099)

--
https://bugs.launchpad.net/bugs/1784964

Title:
  Regression due to CVE-2018-1116 (processes not inheriting user's groups)

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  This report is tracking a possible regression caused by the recent
  CVE-2018-1116 patches to policykit-1.

  On 18.04, since package upgrades on July 23rd, and after the first
  reboot since then on Aug 1st, I hit an issue with the primary (sudo,
  adm, etc...) user getting Permission Denied trying to do:

      tail -f /var/log/syslog

  when that file is owned by syslog:adm and is g=r.

  I then found that "groups" reports only the $USER and not the entire
  list, but "groups $USER" reports all the groups correctly.

  The user shell is set to /usr/bin/tmux and /etc/tmux.conf has
  "set -g default-shell /bin/bash".

  After changing the user's shell back to /bin/bash and logging in on
  tty1 the list of groups shows correctly for the /bin/bash process
  running on tty1.

  I investigated and found that for the affected processes, such as the
  tmux process, /proc/$PID/loginuid = 4294967295 whereas the /bin/bash
  process on tty1 correctly reported 1000. The same with the respective
  gid_map and uid_map.
  4294967295 == -1 == 0xFFFFFFFF

  The recent CVE patch to policykit has several functions where it does
  "uid = -1" which seems to tie in to my findings so far.

  I also noticed Ubuntu is still based on version 0.105 which was
  released in 2012 - upstream released 0.115 with the CVE patch. I
  suspect the backporting has missed something.

  The Ubuntu backport patch is:

  https://git.launchpad.net/ubuntu/+source/policykit-1/commit/?h=applied/ubuntu/bionic-devel&id=840c50182f5ab1ba28c1d20cce4c207364852935
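
The comparison the bug description makes by hand, as an added example that is not part of the original report: it checks the groups a process actually holds (from /proc/<pid>/status) against the account's membership and flags a loginuid of 4294967295. The function names and the sample status text (uid 1000, gids 4, 27 and 1000) are constructed for illustration.

```python
import os
import pwd

UNSET_LOGINUID = 0xFFFFFFFF  # 4294967295, i.e. (uid_t)-1: no login uid recorded

def parse_status(text):
    """Return (real uid, set of gids the process holds) from /proc/<pid>/status text."""
    uid, gids = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            uid = int(value.split()[0])       # real uid is the first field
        elif key == "Gid":
            gids.add(int(value.split()[1]))   # effective gid is the second field
        elif key == "Groups":
            gids.update(int(g) for g in value.split())  # supplementary groups
    return uid, gids

def check(status_text, loginuid_text, expected_gids):
    """Compare what a process holds with what the account database grants."""
    uid, held = parse_status(status_text)
    return {
        "uid": uid,
        "loginuid_unset": int(loginuid_text.strip()) == UNSET_LOGINUID,
        "missing_gids": sorted(set(expected_gids) - held),
    }

def check_pid(pid):
    """Run the check against a live process (Linux, needs /proc/<pid>/loginuid)."""
    with open(f"/proc/{pid}/status") as f:
        status = f.read()
    with open(f"/proc/{pid}/loginuid") as f:
        loginuid = f.read()
    user = pwd.getpwuid(parse_status(status)[0])
    # os.getgrouplist() gives the membership that `groups $USER` reports
    return check(status, loginuid, os.getgrouplist(user.pw_name, user.pw_gid))

# Constructed samples: uid 1000 is expected in gids 4 (adm), 27 (sudo) and 1000
EXPECTED = {4, 27, 1000}
TMUX_STATUS = "Name:\ttmux\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t1000 \n"
BASH_STATUS = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t4 27 1000 \n"

if __name__ == "__main__":
    print("tmux:", check(TMUX_STATUS, "4294967295\n", EXPECTED))
    print("bash:", check(BASH_STATUS, "1000\n", EXPECTED))
```

On an affected system, check_pid() can be called with the PID of the tmux process and of the tty1 shell to compare the two results.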