TJ is right, I also confirmed this issue on a freshly installed 18.04.1 x86_64 Desktop VM last night. After enabling 'proposed' and installing all pending updates, 'groups' in a terminal returned just the user's primary group. I then restored a snapshot taken right after the 18.04 installation (but with 'proposed' already enabled), and installed all pending updates again, this time one by one, but could not reproduce it then. I don't have any indication that the outcome would have been any different without 'proposed'.
So it remains unclear to me how to reproduce this reliably. It is clear that it is possible to reproduce this (occasionally) on a fresh 18.04.1 installation. And also on 16.04.5. So I do think it will affect many.

--
https://bugs.launchpad.net/bugs/1784964

Title: Regression due to CVE-2018-1116 (processes not inheriting user ID or groups)

Status in policykit-1 package in Ubuntu: Confirmed

Bug description:

This report is tracking a possible regression caused by the recent CVE-2018-1116 patches to policykit-1.

On 18.04, since package upgrades on July 23rd, and after the first reboot since then on Aug 1st, I hit an issue with the primary (sudo, adm, etc...) user getting Permission Denied trying to do:

tail -f /var/log/syslog

when that file is owned by syslog:adm and is g=r.

I then found that "groups" reports only the $USER and not the entire list, but "groups $USER" reports all the groups correctly.

The user shell is set to /usr/bin/tmux and /etc/tmux.conf has "set -g default-shell /bin/bash"

After changing the user's shell back to /bin/bash and logging in on tty1 the list of groups shows correctly for the /bin/bash process running on tty1.

I investigated and found that for the affected processes, such as the tmux process, /proc/$PID/loginuid = 4294967295 whereas the /bin/bash process on tty1 correctly reported 1000. The same with the respective gid_map and uid_map.

4294967295 == -1 == 0xFFFFFFFF

The recent CVE patch to policykit has several functions where it does "uid = -1" which seems to tie in to my findings so far.

I also noticed Ubuntu is still based on version 0.105 which was released in 2012 - upstream released 0.115 with the CVE patch. I suspect the backporting has missed something.

The Ubuntu backport patch is:
https://git.launchpad.net/ubuntu/+source/policykit-1/commit/?h=applied/ubuntu/bionic-devel&id=840c50182f5ab1ba28c1d20cce4c207364852935
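
The two symptoms in the bug description (a loginuid of 4294967295, and a process holding fewer groups than the database lists for the user) can be checked per process. The script below is an added example, not part of the bug report or of policykit-1; `PROC_ROOT` and the function names are hypothetical, and `PROC_ROOT` exists only so the checks can be pointed at a constructed tree.

```bash
#!/bin/bash
# Added example, not from the bug report. PROC_ROOT and all function names are
# hypothetical; PROC_ROOT only exists so the checks can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"
UNSET_LOGINUID=4294967295   # (uid_t)-1 == 0xFFFFFFFF, the value seen in the report

# loginuid_unset PID: status 0 if the login UID was never set, 1 if it was,
# 2 if the file cannot be read (process gone, or kernel without audit support).
loginuid_unset() {
    local v
    v=$(cat "$PROC_ROOT/$1/loginuid" 2>/dev/null) || return 2
    [ "$v" = "$UNSET_LOGINUID" ]
}

# proc_gids PID: every GID in the process credentials (Gid: and Groups: lines
# of /proc/PID/status), one per line. This is what a bare "groups" reflects.
proc_gids() {
    awk '/^(Gid|Groups):/ { for (i = 2; i <= NF; i++) print $i }' \
        "$PROC_ROOT/$1/status" 2>/dev/null | sort -nu
}

# missing_gids PID GID...: the listed GIDs that the process does not hold.
missing_gids() {
    local pid=$1 have g out=""
    shift
    have=$(proc_gids "$pid")
    for g in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$g" || out="$out $g"
    done
    echo "${out# }"
}

# check_pid PID USER: compare the process against the group database.
# "id -G USER" resolves groups from the database, like "groups $USER" does.
check_pid() {
    local pid=$1 user=$2 missing
    if loginuid_unset "$pid"; then
        echo "pid $pid: loginuid is unset ($UNSET_LOGINUID)"
    fi
    missing=$(missing_gids "$pid" $(id -G "$user"))
    if [ -n "$missing" ]; then
        echo "pid $pid: lacks GIDs that $user has in the database: $missing"
    fi
}

# Usage: script.sh PID USER   (for example the tmux server PID and your login)
if [ "$#" -eq 2 ]; then
    check_pid "$1" "$2"
fi
```

A process that prints nothing has a set loginuid and holds every GID the database assigns to the user.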