Looking at the diff between upstream 0.105 and Ubuntu's I happened to notice the CKDB_PATH (ConsoleKit database path) /var/run/ConsoleKit/database which seems to be consulted on some occasions.
On the affected PC which was d-r-u-ed from 16.04 ConsoleKit 0.4.6-5 is still installed and that database is present. On another PC that has a clean 18.04 install that doesn't exist because consolekit is purely virtual now.

I'm not sure if this is relevant or not but worth reporting.

The database contains (for the *good* session):

    [Seat /org/freedesktop/ConsoleKit/Seat1]
    kind=0
    sessions=/org/freedesktop/ConsoleKit/Session1
    devices=

    [Session /org/freedesktop/ConsoleKit/Session1]
    uid=1000
    seat=/org/freedesktop/ConsoleKit/Seat1
    login_session_id=3
    display_device=/dev/tty1
    remote_host_name=
    is_active=false
    is_local=true
    creation_time=2018-08-02T01:18:34.707417Z

    [SessionLeader /org/freedesktop/ConsoleKit/Session1]
    session=/org/freedesktop/ConsoleKit/Session1
    uid=0
    pid=2494
    service_name=:1.73

Note it references "display_device=/dev/tty1". That is, I think, a reference to the TTY1 console login I did first.

I'm going to restart after writing this and check what is in the file if I open the GUI Terminal shell first.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1784964

Title:
  Regression due to CVE-2018-1116 (processes not inheriting user ID or groups)

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  This report is tracking a possible regression caused by the recent CVE-2018-1116 patches to policykit-1.

  On 18.04, since package upgrades on July 23rd, and after the first reboot since then on Aug 1st, I hit an issue with the primary (sudo, adm, etc...) user getting Permission Denied trying to do:

    tail -f /var/log/syslog

  when that file is owned by syslog:adm and is g=r.

  I then found that "groups" reports only the $USER and not the entire list, but "groups $USER" reports all the groups correctly.
  The user shell is set to /usr/bin/tmux and /etc/tmux.conf has "set -g default-shell /bin/bash".

  After changing the user's shell back to /bin/bash and logging in on tty1 the list of groups shows correctly for the /bin/bash process running on tty1.

  I investigated and found that for the affected processes, such as the tmux process, /proc/$PID/loginuid = 4294967295 whereas the /bin/bash process on tty1 correctly reported 1000. The same with the respective gid_map and uid_map.

    4294967295 == -1 == 0xFFFFFFFF

  The recent CVE patch to policykit has several functions where it does "uid = -1" which seems to tie in to my findings so far.

  I also noticed Ubuntu is still based on version 0.105 which was released in 2012 - upstream released 0.115 with the CVE patch. I suspect the backporting has missed something.

  The Ubuntu backport patch is:

  https://git.launchpad.net/ubuntu/+source/policykit-1/commit/?h=applied/ubuntu/bionic-devel&id=840c50182f5ab1ba28c1d20cce4c207364852935
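
The two symptoms described in the bug report (an unset /proc/$PID/loginuid and a process group list shorter than what "groups $USER" reports) can be checked together. This is an added example, not part of the original message or of policykit-1; the function names and the sample status excerpts are constructed for illustration.

```python
import os
import pwd

UNSET_LOGINUID = 0xFFFFFFFF  # (uid_t)-1: kernel value when no login UID was ever set

# Constructed /proc/<pid>/status excerpts (not taken from the bug report).
SAMPLE_STATUS_TMUX = "Name:\ttmux: server\nUid:\t1000\t1000\t1000\t1000\nGroups:\t1000 \n"
SAMPLE_STATUS_BASH = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nGroups:\t4 24 27 1000 \n"

def parse_status(text):
    """Return (real uid, set of supplementary gids) from /proc/<pid>/status text."""
    uid, groups = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            uid = int(value.split()[0])  # first field is the real UID
        elif key == "Groups":
            groups = {int(g) for g in value.split()}
    return uid, groups

def diagnose(loginuid_text, status_text, expected_gids):
    """List the symptoms from the report that this process shows."""
    findings = []
    if int(loginuid_text.strip()) == UNSET_LOGINUID:
        findings.append("loginuid unset (4294967295 == -1)")
    _, groups = parse_status(status_text)
    missing = set(expected_gids) - groups
    if missing:
        findings.append("missing groups: " + ",".join(str(g) for g in sorted(missing)))
    return findings

def scan_proc(username):
    """Check every live process owned by username against the group database."""
    pw = pwd.getpwnam(username)
    expected = set(os.getgrouplist(username, pw.pw_gid))
    report = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/status") as f:
                status = f.read()
            with open(f"/proc/{pid}/loginuid") as f:
                loginuid = f.read()
        except OSError:
            continue  # process exited, or file unreadable/absent (no audit support)
        found = diagnose(loginuid, status, expected)
        if parse_status(status)[0] == pw.pw_uid and found:
            report[int(pid)] = found
    return report

if __name__ == "__main__":
    for pid, found in sorted(scan_proc(pwd.getpwuid(os.getuid()).pw_name).items()):
        print(pid, "; ".join(found))
```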

