> bubblewrap is setuid
Doesn't Ubuntu have unprivileged userns available, just like e.g.
Fedora? If so, then bwrap isn't setuid, and offers no more attack
surface than the kernel does to every process (that doesn't have access
to CLONE_NEWUSER denied via e.g. seccomp, as e.g. Docker does by defau
To clarify I'm one of the upstream bubblewrap maintainers, if you have
any concerns don't hesitate to file an issue upstream, but we can chat
here too.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to bubblewrap in Ubuntu.
https://bugs.lau
(In reply to comment #7)
> > From my reading of the manual page (haven't looked at the source),
> > it looks to me like you need to free() the individual elements too.
>
> Not according to the manpage for putenv(), which states that the string
> passed to putenv() becomes part of the environment d
Comment on attachment 76324
pkexec: Set process environment from pam_getenvlist()
Review of attachment 76324:
-
::: src/programs/pkexec.c
@@ +182,5 @@
> +{
> + guint n;
> + for (n = 0; envlist[n]; n++)
> +putenv
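Review bot: in the loop over `envlist[n]`, putenv() stores the pointer it is given in the environment instead of copying the string, so the individual entries must stay allocated after this loop and only the array itself may be released. A short comment above the loop saying so would keep a later cleanup from adding a free() on the elements. The lines quoted here also show no check of putenv()'s return value, which is nonzero on failure; for a setuid program like pkexec, continuing with a partially set environment is worth handling explicitly.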
Tentative patch submitted here
https://bugzilla.gnome.org/show_bug.cgi?id=691987
** Bug watch added: GNOME Bug Tracker #691987
https://bugzilla.gnome.org/show_bug.cgi?id=691987
** Also affects: gdm via
https://bugzilla.gnome.org/show_bug.cgi?id=691987
Importance: Unknown
Status: U
This is a key bit:
Jan 17 07:54:33 workstation gnome-session[2959]: WARNING: Application
'gnome-shell.desktop' killed by signal 11
The lock screen is integrated into the compositor (gnome-shell) in 3.6.
An unfortunate side effect of this is that if the compositor crashes, it
will get auto-restart