[Touch-packages] [Bug 1828901] Re: add PTY support for runuser

2020-02-15 Thread Eric Desrochers
The sosreport juju plugin refactoring has been simplified.

For now, we don't expect the juju plugin to drop privileges any time
soon.

Thanks !

** Changed in: util-linux (Ubuntu Xenial)
   Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  Won't Fix
Status in util-linux package in Debian:
  Fix Released

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have 
been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng=145694736107128=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way 
to run command as 'juju-user' inside the sosreport juju plugin which is run as 
root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1828901] Re: add PTY support for runuser

2019-05-16 Thread Mathieu Trudel-Lapierre
** Tags added: rls-x-notfixing

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  In Progress
Status in util-linux package in Debian:
  Fix Released

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have 
been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng=145694736107128=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way 
to run command as 'juju-user' inside the sosreport juju plugin which is run as 
root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1828901] Re: add PTY support for runuser

2019-05-13 Thread Bug Watch Updater
** Changed in: util-linux (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  In Progress
Status in util-linux package in Debian:
  Fix Released

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have 
been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng=145694736107128=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way 
to run command as 'juju-user' inside the sosreport juju plugin which is run as 
root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1828901] Re: add PTY support for runuser

2019-05-13 Thread Eric Desrochers
** Tags added: sosreport37

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  In Progress
Status in util-linux package in Debian:
  Unknown

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have 
been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng=145694736107128=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way 
to run command as 'juju-user' inside the sosreport juju plugin which is run as 
root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1828901] Re: add PTY support for runuser

2019-05-13 Thread Eric Desrochers
** Changed in: util-linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: util-linux (Ubuntu Xenial)
 Assignee: (unassigned) => Eric Desrochers (slashd)

** Bug watch added: Debian Bug tracker #815922
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

** Also affects: util-linux (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
   Importance: Unknown
   Status: Unknown

** Changed in: util-linux (Ubuntu Xenial)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828901

Title:
  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  In Progress
Status in util-linux package in Debian:
  Unknown

Bug description:
  [IMPACT]

  [TEST CASE]

  [REGRESSION POTENTIAL]

  [OTHER INFORMATION]

  Debbug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

  This is fixing a CVE vulnerability:
  https://security-tracker.debian.org/tracker/CVE-2016-2779

  Restricting ioctl on the kernel side seems the better approach, patches have 
been posted to kernel-hardening list
  http://www.openwall.com/lists/oss-security/2016/02/27/1
  https://marc.info/?l=util-linux-ng=145694736107128=2
  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  [ORIGINAL DESCRIPTION]
  After a discussion with security team on what would be their recommended way 
to run command as 'juju-user' inside the sosreport juju plugin which is run as 
root, in order to avoid using 'sudo' or 'su' command.

  The recommendation was to use 'runuser -P'

  runuser PTY support is present in Bionic and late, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp