** Description changed: Per https://mastodon.social/@daandemeyer/115565105032166177 the run0 command is adding a new privilege escalation mechanism that has not even remotely existed in that form before, the command is run as the user but with all of roots capabilities. While interesting, the LTS cycle is not the right time to experiment with the core security properties of the system in unprecedented ways. + + The Ubuntu Security team should make a judgment call for whether to re- + enable this feature in the 26.10 cycle.
** Description changed: Per https://mastodon.social/@daandemeyer/115565105032166177 the run0 command is adding a new privilege escalation mechanism that has not even remotely existed in that form before, the command is run as the user but with all of roots capabilities. While interesting, the LTS cycle is not the right time to experiment with the core security properties of the system in unprecedented ways. The Ubuntu Security team should make a judgment call for whether to re- - enable this feature in the 26.10 cycle. + enable this feature in the 26.10 cycle. Particular attention should be + paid to whether this feature is incompatible with LSM security + properties, in particular whether it weakens the security model of + AppArmor "owner" rules. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2132177 Title: Please disable the run0 --empower feature To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2132177/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
