Public bug reported:
Hi,
/var/spool/nncp is owned by owner and group nncp.
But how should a user other than root be able to write into that
directory or run nncp commands being able to read /etc/nncp.hjson, if
that is supposed to remain secret?
Shouldn't those commands be set setuid nncp?
E.g. in older package uucp it is set correctly:
-rwsr-xr-x 1 uucp root 121088 Mär 25 2022 /usr/bin/uucp*
-rwsr-xr-x 1 uucp root 121072 Mär 25 2022 /usr/bin/uux*
regards
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: nncp 8.10.0-8ubuntu0.2
ProcVersionSignature: Ubuntu 6.8.0-49.49-generic 6.8.12
Uname: Linux 6.8.0-49-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: XFCE
Date: Fri Dec 20 01:13:16 2024
InstallationDate: Installed on 2022-12-25 (725 days ago)
InstallationMedia: Xubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64
(20220809.1)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: nncp
UpgradeStatus: Upgraded to noble on 2024-06-24 (178 days ago)
** Affects: nncp (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2092242
Title:
missing suid nncp for executables
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nncp/+bug/2092242/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
