Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#55328 - [shadow] setuid bits on newuidmap and newgidmap
Attached to Project:
Arch Linux
Opened by Neven Sajko (Neven) - Tuesday, 29 August 2017, 07:30 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
Opened by Neven Sajko (Neven) - Tuesday, 29 August 2017, 07:30 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 31 August 2017, 14:12 GMT
|
DetailsDescription:
newuidmap and newgidmap seem to be meant for use with user namespaces, which are not enabled for Archlinux kernels. I hope those binaries being set-user-id-root is not a security issue on a user_ns-less system. |
This task depends upon
Closed by Dave Reisner (falconindy)
Thursday, 31 August 2017, 14:12 GMT
Reason for closing: Not a bug
Additional comments about closing: If there are actual concerns with these binaries being setuid, please them up with upstream first.
Thursday, 31 August 2017, 14:12 GMT
Reason for closing: Not a bug
Additional comments about closing: If there are actual concerns with these binaries being setuid, please them up with upstream first.
Comment by Dave Reisner (falconindy) -
Thursday, 31 August 2017, 14:12 GMT
Hope is not a strategy, and linux-hardened is compiled with CONFIG_USER_NS=y