FS#55328 - [shadow] setuid bits on newuidmap and newgidmap
Attached to Project: Arch Linux
Opened by Neven Sajko (Neven) - Tuesday, 29 August 2017, 07:30 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
Details
Description:
newuidmap and newgidmap seem to be meant for use with user namespaces, which are not enabled for Arch Linux kernels. I hope those binaries being set-user-id-root is not a security issue on a user_ns-less system.
Closed by Dave Reisner (falconindy)
Thursday, 31 August 2017, 14:12 GMT
Reason for closing: Not a bug
Additional comments about closing: If there are actual concerns with these binaries being setuid, please take them up with upstream first.
Comment by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
Hope is not a strategy, and linux-hardened is compiled with CONFIG_USER_NS=y