Package: security-tracker
Severity: important
Tags: security

Dear Debian security team,
This bug concerns the lower layers of the Linux/Debian system; it affects at least all Debian-based Linux distributions such as Ubuntu, MX-Linux, etc.

Steps to reproduce:

1. Create a new group called secure01:

   addgroup secure01

2. Create files that are only accessible by the group:

   mkdir /mnt/secure-folder
   echo yes >/mnt/secure-folder/secure-file
   chown -R root:secure01 /mnt/secure-folder/
   chmod -R o-rwx /mnt/secure-folder

3. Add an existing user to the group:

   usermod -a -G secure01 user01

BUG1: if user01 is already logged in, he still cannot access /mnt/secure-folder/secure-file:

   ls: cannot open directory '/mnt/secure-folder/': Permission denied

4. Delete the user from the group:

   gpasswd -d user01 secure01

BUG2: if user01 is already logged in or has running tmux/screen sessions, he can still access that group's /mnt/secure-folder/secure-file:

   user01@local:~$ cat /mnt/secure-folder/secure-file
   yes

This bug is significant for a multi-user secure Linux environment. In a secure network cluster, new data files are often added to the system dynamically with new group permissions created, and users are added to or removed from the group depending on role changes, task changes, etc. However, the changed permission is not reflected immediately in all running processes belonging to that user. As a result, a user can keep a persistent tmux/screen session (which does not go away until the system reboots) and continue to access group files he could access before, even though his access permission has now been revoked.
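The practical consequence of the behaviour reported above is that a process carries the supplementary group list it received at login, so an administrator who has just run gpasswd -d has no guarantee that long-lived sessions (tmux, screen, daemons started from a user shell) have dropped the group. The following script is an added example written for this report, not code from the reporter or from Debian: it compares the Groups: line of each /proc/<pid>/status against what a fresh login for that user would receive from the current passwd and group databases, and lists processes still holding a membership that has since been revoked. The sample status text, the user name user01, uid 1001 and the gid 1005 for secure01 are constructed values used only to exercise the parser offline.

```python
"""Detect running processes whose supplementary groups no longer match the
user's current group membership (stale credentials after gpasswd -d).

Added example for the bug report above; not part of Debian or the report.
"""
import grp
import os
import pwd


def parse_status_groups(status_text):
    """Return (real_uid, set_of_gids) parsed from /proc/<pid>/status text.

    The Uid: line holds real/effective/saved/fs uids; the Groups: line holds
    the supplementary group ids the kernel attached to the process.
    """
    uid = None
    groups = set()
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            uid = int(line.split()[1])
        elif line.startswith("Groups:"):
            groups = {int(g) for g in line.split()[1:]}
    return uid, groups


def current_groups_for_uid(uid, passwd_db, group_db):
    """Groups a fresh login for `uid` would receive right now.

    passwd_db: {uid: (user_name, primary_gid)}
    group_db:  {gid: set(member_names)}   (secondary members only)
    """
    name, primary_gid = passwd_db[uid]
    gids = {primary_gid}
    for gid, members in group_db.items():
        if name in members:
            gids.add(gid)
    return gids


def stale_groups(status_text, passwd_db, group_db):
    """Gids the process holds that the user would NOT get on a new login."""
    uid, held = parse_status_groups(status_text)
    if uid is None or uid not in passwd_db:
        return set()
    return held - current_groups_for_uid(uid, passwd_db, group_db)


def load_live_dbs():
    """Snapshot the system's passwd/group databases via NSS."""
    passwd_db = {p.pw_uid: (p.pw_name, p.pw_gid) for p in pwd.getpwall()}
    group_db = {g.gr_gid: set(g.gr_mem) for g in grp.getgrall()}
    return passwd_db, group_db


def scan_proc(proc_root="/proc"):
    """Walk /proc and return [(pid, stale_gids)] for processes holding
    revoked memberships. Run as root to see every process."""
    passwd_db, group_db = load_live_dbs()
    findings = []
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                text = fh.read()
        except OSError:  # process exited or status not readable
            continue
        stale = stale_groups(text, passwd_db, group_db)
        if stale:
            findings.append((int(pid), stale))
    return findings


# Constructed sample: a tmux server owned by user01 (uid 1001) that was
# started while user01 was still a member of secure01 (gid 1005).
SAMPLE_STATUS = (
    "Name:\ttmux: server\n"
    "Uid:\t1001\t1001\t1001\t1001\n"
    "Gid:\t1001\t1001\t1001\t1001\n"
    "Groups:\t1001 1005 \n"
)
SAMPLE_PASSWD = {1001: ("user01", 1001)}
GROUPS_BEFORE_REMOVAL = {1001: set(), 1005: {"user01"}}
GROUPS_AFTER_REMOVAL = {1001: set(), 1005: set()}   # after gpasswd -d


if __name__ == "__main__":
    print("sample, before removal:", stale_groups(SAMPLE_STATUS, SAMPLE_PASSWD, GROUPS_BEFORE_REMOVAL))
    print("sample, after removal: ", stale_groups(SAMPLE_STATUS, SAMPLE_PASSWD, GROUPS_AFTER_REMOVAL))
    for pid, stale in scan_proc():
        print(f"pid {pid} still holds revoked gids {sorted(stale)}")
```

Running the script as root after step 4 lists the pid of the surviving tmux/screen server (and any shells inside it), which an administrator can then terminate; the same comparison can be scheduled after every group change so that revocation is verified rather than assumed.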
-- System Information:
Debian Release: 10.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.57 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_CPU_OUT_OF_SPEC, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled