*** This bug is a security vulnerability *** Public security bug reported:
Per https://mastodon.social/@daandemeyer/115565105032166177 the run0 command is adding a new privilege escalation mechanism that has not even remotely existed in that form before, the command is run as the user but with all of roots capabilities. While interesting, the LTS cycle is not the right time to experiment with the core security properties of the system in unprecedented ways. ** Affects: systemd (Ubuntu) Importance: Critical Status: New ** Changed in: systemd (Ubuntu) Importance: Undecided => Critical ** Changed in: systemd (Ubuntu) Milestone: None => ubuntu-26.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2132177 Title: Please disable the run0 --empower feature To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2132177/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
