I had a preliminary patch written, but it was getting quite complicated (shadow's codebase is much more complicated than I expected -- and the /etc/subgid parsing code is intertwined with the parsing code for all of the other /etc/... files). I am working on it though.
I've also email the SUSE Security team about getting a CVE assigned, though I'm not sure if it's better that we get it assigned or that the Ubuntu folks get it assigned. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729357 Title: unprivileged user can drop supplementary groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
