For the tcmu DBUS fix:
"""
- The dbus policy allows all users to call
org.kernel.TCMUService1.HandlerManager1.RegisterHandler, which doesn't seem
desirable. I don't think there is a direct security impact from this, as
external handlers need to be privileged in order to own the type-specific
well-known name on the system bus, and the call will return an error if
called before that name is owned. But I think this should only be callable
as the root user.
"""
I'm not taking action as we should wait upstream to take action on:
https://github.com/open-iscsi/tcmu-runner/issues/582
and, if there isn't a direct security impact I think it would be ok for
the MIR to continue despite this change.
With that in mind:
I: tcmu
[.] MIR ack
[.] Security ack - dbus fix orthogonal (upstream bug)
- https://github.com/open-iscsi/tcmu-runner/issues/582
There is nothing else to be done here but to wait Debian to accept my
merge proposals. I'll keep this updated based on salsa MR discussions
(if any).
-rafaeldtinoco
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1854362
Title:
[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb,
urwid, targetcli-fb
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1854362/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
