*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):
Binary package hint: makejail This bug was reported against Debian in the first place. See [1]. The DDs however found that the bug was caused downstream by an Ubuntu specific change. makejail defines as a default: self.pathToLdConfig="/sbin/ldconfig" On Ubuntu this is not the real ldconfig but a bash shell script. Therefore the config should point to self.pathToLdConfig="/sbin/ldconfig.real". Otherwise a bash shell will be introduced into *all* jails, introducing an unnecessary security risk. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495116 ** Affects: makejail (Ubuntu) Importance: Undecided Status: New -- makejail must use ldconfig.real by default https://bugs.launchpad.net/bugs/263614 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
