This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1890848 Title: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Bionic: Fix Committed Bug description: SRU Justification: [Impact] Permission 'ptrace trace' is required to readlink() /proc/*/ns/*, when only 'ptrace read' should be required according to 'man namespaces': "Permission to dereference or read (readlink(2)) these symbolic links is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2)." [Fix] Upstream commit 338d0be437ef10e247a35aed83dbab182cf406a2 fixes ptrace read check. [Test Plan] BugLink contains the source of a binary that reproduces the issue. In summary, it executes readlink() on /proc/*/ns/*. There's also a policy that has only 'ptrace read' permission. When the bug is fixed, execution is allowed. [Where problems could occur] The regression can be considered as low, since it's lowering the number of permissions required. Existing policies that already contain the permission 'ptrace trace' and 'ptrace read' will have a broader policy than required. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
