The sosreport juju plugin refactoring has been simplified. For now, we don't expect the juju plugin to drop privileges any time soon.
Thanks ! ** Changed in: util-linux (Ubuntu Xenial) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1828901 Title: add PTY support for runuser Status in util-linux package in Ubuntu: Fix Released Status in util-linux source package in Xenial: Won't Fix Status in util-linux package in Debian: Fix Released Bug description: [IMPACT] [TEST CASE] [REGRESSION POTENTIAL] [OTHER INFORMATION] Debbug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922 This is fixing a CVE vulnerability: https://security-tracker.debian.org/tracker/CVE-2016-2779 Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list http://www.openwall.com/lists/oss-security/2016/02/27/1 https://marc.info/?l=util-linux-ng&m=145694736107128&w=2 2.31 introduces a new --pty option to separate privileged and unprivileged shells (not enabled by default and the cli switch is necessary). [ORIGINAL DESCRIPTION] After a discussion with security team on what would be their recommended way to run command as 'juju-user' inside the sosreport juju plugin which is run as root, in order to avoid using 'sudo' or 'su' command. The recommendation was to use 'runuser -P' runuser PTY support is present in Bionic and late, but not in Xenial. I'm opening this bug in the effort to update util-linux/runuser code in Xenial to add the PTY support. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1828901/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : firstname.lastname@example.org Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp