[Touch-packages] [Bug 1840375] Re: groupdel doesn't support extrausers

Thu, 27 Jan 2022 08:06:05 -0800 

This bug was fixed in the package shadow - 1:4.5-1ubuntu2.2

---------------
shadow (1:4.5-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Access to privileged information
    - debian/patches/CVE-2018-7169.patch: newgidmap:
      enforce setgroups=deny if self-mapping a group in
      src/newgidmap.c.
    - CVE-2018-7169

 -- Leonidas Da Silva Barbosa <leo.barb...@canonical.com>  Tue, 25 Jan
2022 13:26:21 -0300

** Changed in: shadow (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7169

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1840375

Title:
  groupdel doesn't support extrausers

Status in snapd:
  Fix Released
Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Xenial:
  Fix Committed
Status in shadow source package in Bionic:
  Fix Released
Status in shadow source package in Disco:
  Won't Fix

Bug description:
  snapd needs the ability to call 'groupdel --extrausers foo' to clean
  up after itself, but --extrausers is currently unsupported.

  [Impact]
  On ubuntu-core systems we want to be able to manage "extrausers" in the same
  way as regular users. This requires updates to the various 
{user,group}{add,del} tools. Right now "groupdel" cannot handle extrausers.

  This is an important feature for Ubuntu Core

  [Test Case]
  0. upgrade the "passwd" to the version in {xenial,bionic}-proposed
  1. install the libnss-extrausers and add "extrauers" to the passwd and shadow 
line (see /usr/share/doc/libnss-extrausers/README for the modifications in 
sswitch.conf)
  2. run "groupadd --extrausers foo" and verify "grep foo 
/var/lib/extrausers/group"
  3  check /var/lib/extrausers/group for the new "foo" group
  4. run "groupdel --extrausers foo"
  5. check /var/lib/extrausers/group and ensure the "foo" group is removed

  [Regression Potential]

   * low: this adds a new (optional) option which is off by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1840375/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to