I had a preliminary patch written, but it was getting quite complicated
(shadow's codebase is much more complicated than I expected -- and the
/etc/subgid parsing code is intertwined with the parsing code for all of
the other /etc/... files). I am working on it though.
I've also email the SUSE Security team about getting a CVE assigned,
though I'm not sure if it's better that we get it assigned or that the
Ubuntu folks get it assigned.
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
unprivileged user can drop supplementary groups
To manage notifications about this bug go to:
ubuntu-bugs mailing list