Public bug reported:

Binary package hint: upstart

Upstart 0.9.4-1ubuntu1 contains user session code. For natty, user sessions are disabled. However, should a user/admin re-enable user session support (by pulling the Upstart.conf dbus config file from upstream Upstart), starting a user job would allow root escalation since all user session jobs run as root.

The following branch includes a fix for this issue:

lp:~jamesodhunt/ubuntu/natty/upstart/fix-chroot-sessions

** Affects: upstart (Ubuntu)
   Importance: Critical
   Assignee: James Hunt (jamesodhunt)
   Status: Fix Committed

** Affects: upstart (Ubuntu Natty)
   Importance: Critical
   Assignee: James Hunt (jamesodhunt)
   Status: Fix Committed

--
https://bugs.launchpad.net/bugs/766206

Title:
  user session support allows non-priv users to gain root privileges