This bug was fixed in the package adsys - 0.8.1
---
adsys (0.8.1) jammy; urgency=medium
* Change chown logic on script directory and parents to avoid potential
vulnerability. (LP: #1961458)
* Separate readiness from session running to avoid unrefreshed user script
** Changed in: adsys (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961459
Title:
adsys pam issues
To manage notifications about this bug go to:
Ah, thanks! Lurking there and will shamelessly copy what they decide to
do! :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961459
Title:
adsys pam issues
To manage notifications about this bug
Heh, so Dmitry might actually remove the other 'free' calls in the error
paths :) -- and he spotted that the strdup() calls are unchecked:
https://github.com/linux-pam/linux-pam/issues/444
It might be worth mirroring whatever he decides to do.
Thanks
** Bug watch added:
Oh yes, the waitpid() stuff.. if it works in testing, leaving it alone
is probably fine then. Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961459
Title:
adsys pam issues
To manage
Hah so I've got another bug to report then? :) Thanks!
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961459
Title:
adsys pam issues
To