[Bug 1803958] Re: [UBUNTU] zkey: Fails to run commands generated by 'zkey cryptsetup'
Dimitri John Ledkov
launchpad at surgut.co.uk
Tue Nov 20 17:09:30 UTC 2018
Are you deploying zkey/zkey-cryptsetup with setuid bit on?
Do you allow calls to zkey/zkey-cryptesetup with sudoers?
Do you allow to elevate to root whilst executing zkey/zkey-cryptsetup with policykit?
as in opening it up to execute zkey/zkey-cryptsetup with escalated
privileges by otherwise non-privileged users?
Cause by default, zkey/zkey-cryptsetup is shipped without setuid, and
effectively is harmless when called by non-privileged users without an
ability to escalate privileges (by setting/controlling PATH environment,
or any other means).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1803958
Title:
[UBUNTU] zkey: Fails to run commands generated by 'zkey cryptsetup'
Status in Ubuntu on IBM z Systems:
Triaged
Status in s390-tools package in Ubuntu:
New
Bug description:
Description: zkey: Fails to run commands generated by 'zkey
cryptsetup'
Symptom: Fails to run commands generated by 'zkey cryptsetup'.
Problem: When using 'zkey cryptsetup' with --run option the execution
of the generated commands may fail, when the executable to be run is
located in '/sbin'.
Solution: Include /sbin into PATH when executing commands.
Reproduction: Use 'zkey cryptsetup' with option --run on a distribution
where 'cryptsetup' is located in '/sbin'.
Upstream commit:
https://github.com/ibm-s390-tools/s390-tools/commit/9100327092c470c2e5b5819087c8094822a1c751
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1803958/+subscriptions
More information about the foundations-bugs
mailing list