Arch Linux

FS#55328 - [shadow] setuid bits on newuidmap and newgidmap

Attached to Project: Arch Linux
Opened by Neven Sajko (Neven) - Tuesday, 29 August 2017, 07:30 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Dave Reisner (falconindy)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


newuidmap and newgidmap seem to be meant for use with user namespaces, which are not enabled for Arch Linux kernels. I hope those binaries being set-user-id-root is not a security issue on a user_ns-less system.

Closed by Dave Reisner (falconindy)
Thursday, 31 August 2017, 14:12 GMT
Reason for closing: Not a bug
Additional comments about closing: If there are actual concerns with these binaries being setuid, please take them up with upstream first.
Comment by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
Hope is not a strategy, and linux-hardened is compiled with CONFIG_USER_NS=y
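
A check an administrator could run for the situation discussed in this task, given as an added example that is not part of the original report or of the shadow package: it reports whether `newuidmap` and `newgidmap` carry the setuid bit and whether the running kernel has user namespaces. The `/usr/bin` install paths, the function names and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): compare the setuid bit on the
# shadow user-namespace helpers with the kernel's user-namespace support.

# Succeeds if FILE exists and carries the set-user-ID bit.
is_setuid() { [ -u "$1" ]; }

# Succeeds if the kernel config text on stdin contains CONFIG_USER_NS=y.
userns_in_config() { grep -qx 'CONFIG_USER_NS=y'; }

# Succeeds if the running kernel exposes a user namespace for this process.
# The path is a parameter only so the check can be exercised on test files.
userns_at_runtime() { [ -e "${1:-/proc/self/ns/user}" ]; }

# Print one verdict for helper FILE; NS_PATH is handed to userns_at_runtime.
audit_helper() {
    file=$1
    ns_path=${2:-/proc/self/ns/user}
    if [ ! -e "$file" ]; then
        echo "absent"
    elif ! is_setuid "$file"; then
        echo "not-setuid"
    elif userns_at_runtime "$ns_path"; then
        echo "setuid-userns-on"     # setuid helper, kernel has user namespaces
    else
        echo "setuid-userns-off"    # setuid helper, kernel lacks user namespaces
    fi
}

# Report on the two helpers named in the task (install path is an assumption).
for helper in /usr/bin/newuidmap /usr/bin/newgidmap; do
    printf '%s: %s\n' "$helper" "$(audit_helper "$helper")"
done

# Cross-check the build-time option where the kernel exports its config.
if [ -r /proc/config.gz ]; then
    if zcat /proc/config.gz | userns_in_config; then
        echo "kernel config: CONFIG_USER_NS=y"
    else
        echo "kernel config: CONFIG_USER_NS is not set to y"
    fi
fi
```

A `setuid-userns-off` verdict corresponds to the case the reporter describes; `setuid-userns-on` corresponds to a kernel such as linux-hardened, which the closing comment notes is built with `CONFIG_USER_NS=y`.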