The sosreport juju plugin refactoring has been simplified.

For now, we don't expect the juju plugin to drop privileges any time

Thanks!

** Changed in: util-linux (Ubuntu Xenial)
       Status: In Progress => Won't Fix


  add PTY support for runuser

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  Won't Fix
Status in util-linux package in Debian:
  Fix Released

Bug description:





  This is fixing a CVE vulnerability:

  Restricting ioctl on the kernel side seems the better approach, patches
  have been posted to kernel-hardening list.

  2.31 introduces a new --pty option to separate privileged and unprivileged
  shells (not enabled by default and the cli switch is necessary).

  After a discussion with the security team on what would be their
  recommended way to run a command as 'juju-user' inside the sosreport juju
  plugin, which is run as root, in order to avoid using the 'sudo' or 'su'
  commands, the recommendation was to use 'runuser -P'.

  runuser PTY support is present in Bionic and later, but not in Xenial.

  I'm opening this bug in the effort to update util-linux/runuser code
  in Xenial to add the PTY support.
