Comment 3 for bug 1784964

TJ (tj) wrote : Re: Regression due to CVE-2018-1116 (processes not inheriting user ID or groups)

journalctl shows the problem with the auid and session values being 0xFFFFFFFF (-1) when calling a sudo command:

Aug 02 01:18:20 hephaestion.lan.iam.tj audit[5094]: USER_AUTH pid=5094 uid=1000 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="tj" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'

and trying to tail syslog:

tj  ~  tail -f /var/log/syslog
tail: cannot open '/var/log/syslog' for reading: Permission denied
tail: no files remaining

tj  ~  ls -ld /var /var/log /var/log/syslog
drwxr-xr-x 16 root root 4096 Apr 2 13:02 /var
drwxrwxr-x 25 root syslog 4096 Aug 2 01:16 /var/log
-rw-r----- 1 syslog adm 235432 Aug 2 01:31 /var/log/syslog

tj  ~  groups $USER
tj : tj root adm disk lp dialout cdrom floppy sudo audio video plugdev users netdev lpadmin kvm libvirtd wireshark lxd libvirtd

tj  ~  groups
tj
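
The two symptoms in this comment (audit records whose auid and ses are 4294967295, and `groups` reporting fewer groups than `groups $USER`) can be checked with a short script. This is an added example, not part of the comment above; the function names are made up for the sketch and the audit record in it is constructed.

```shell
#!/bin/sh
# Added example: checks for the two symptoms shown in the comment above.
# Function names are hypothetical, chosen for this sketch.

UNSET_ID=4294967295   # (uid_t)-1, what audit prints when auid/ses were never set

# Print the value of field $1 (e.g. auid) from audit record line $2.
audit_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Succeed if the record's login uid or session id is unset.
audit_record_unset() {
    [ "$(audit_field auid "$1")" = "$UNSET_ID" ] ||
        [ "$(audit_field ses "$1")" = "$UNSET_ID" ]
}

# Print, one per line, each group in list $1 that is absent from list $2.
missing_groups() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# Constructed sample record, modelled on the journalctl line above.
sample='audit[100]: USER_AUTH pid=100 uid=1000 auid=4294967295 ses=4294967295 msg=...'
if audit_record_unset "$sample"; then
    echo "audit record has no login uid / session id"
fi

# Live check: groups in the account database vs. groups this process holds.
user=$(id -un 2>/dev/null) || user=
if [ -n "$user" ]; then
    lost=$(missing_groups "$(id -Gn "$user")" "$(id -Gn)")
    [ -z "$lost" ] || echo "groups not inherited by this session:" $lost
fi
```

On a session that was set up correctly the live check prints nothing; a freshly added group also shows up as missing until the next login, so compare against a new session before treating it as this regression.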