https://github.com/shadow-maint/shadow/pull/97 is my proposed patch. It currently only deals with the immediate security issue of allowing users that don't have
% echo "$(whoami):$(id -g):1" >> /etc/setgid
... set up. I've tested this with a couple of different setups and it appears to preserve behaviour when you're mapping subgid'd groups, but it restricts setgroups if the mapping is a fallback one.

I was working on a patch for the flags code, but there's a lot of magic in the parsing code for that -- so I will work on that separately.

--
https://bugs.launchpad.net/bugs/1729357

Title:
  unprivileged user can drop supplementary groups