Thanks for replying Eric, but I'm having trouble reproducing what you've posted. I can't write the gid map until I've written deny to /prod/$pid/setgroups, not the other way around. There might be some nuance I've missed.
Also, newgidmap will allow a user to map their own GID to 0 in the user namespace, even when there is no entry for that user in /etc/subgid. What if newgidmap wrote "deny" to /proc/$pid/setgroups unless the user is whitelisted in some config file, probably separate from /etc/subgid, as Stéphane suggested? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729357 Title: unprivileged user can drop supplementary groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
