[Kernel-packages] [Bug 1845637] Re: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd
This bug was fixed in the package systemd - 242-7ubuntu1 --- systemd (242-7ubuntu1) eoan; urgency=medium * Merge from unstable * UBUNTU: drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd (LP: #1845637) File: debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e583847b04c3f83a50f3bd6947dcae6a73d8388 * test-execute: Filter /dev/.lxc in exec-dynamicuser-statedir.service. It appears in nested LXC containers and broke the armhf autopkgtest. (LP: #1845337) File: debian/patches/test-execute-Filter-dev-.lxc-in-exec-dynamicuser-statedir.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=75af888d5552f706b86182a56f12ccc8e83ca04e systemd (242-7) unstable; urgency=medium * sleep: properly pass verb to sleep script * core: factor root_directory application out of apply_working_directory. Fixes RootDirectory not working when used in combination with User. (Closes: #939408) * shared/bus-util: drop trusted annotation from bus_open_system_watch_bind_with_description(). This ensures that access controls on systemd-resolved's D-Bus interface are enforced properly. (CVE-2019-15718, Closes: #939353) -- Balint Reczey Wed, 02 Oct 2019 14:13:28 +0200 ** Changed in: systemd (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15718 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1845637 Title: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd Status in linux package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Fix Released Bug description: Those settings are typically set by the kernel in Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1845637] Re: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd
This is not a bug where logs can be collected. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1845637 Title: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd Status in linux package in Ubuntu: Confirmed Status in systemd package in Ubuntu: New Bug description: Those settings are typically set by the kernel in Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1845637] Re: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd
Those defaults should probably be set by Linux, hence marking linux package as affected. With the systemd packaging dropping the new setting originating from systemd upstream Ubuntu's defaults become less secure in this area compared to other distros leaving upstream defaults applied, thus I also mark this bug as a public security issue. ** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1845637 Title: Drop setting fs.protected_regular and fs.protected_fifos from sysctl defaults shipped by systemd Status in linux package in Ubuntu: Incomplete Status in systemd package in Ubuntu: New Bug description: Those settings are typically set by the kernel in Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp