Comment 2 for bug 1729357

Serge Hallyn (serge-hallyn) wrote :

Hi,

Thanks for pointing this out.

Would you mind posting a patch to fix this?

It looks like a real bug, except I'm a bit confused as to how this feature is supposed to be used in the first place. The point of the setgroups=deny feature was to not regress the case where you use a negative group acl to deny a user from reading a file, right? But near as I can tell you can only enable setgroups=deny when creating a new user namespace, so such an admin is in any case required to step through new hoops to not regress functionality, which would be unacceptable.

In any case, my feeling on the bug is that it is CVE-worthy, but does not need to be secret (since the workaround is chmod 000 /usr/bin/newgidmap or apt purge uidmap). Does that seem reasonable?