bug-guix

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’


From: Leo Famulari
Subject: bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’
Date: Sat, 10 Apr 2021 13:56:27 -0400

On Thu, Mar 18, 2021 at 12:17:15PM +0100, Ludovic Courtès wrote:
> Vulnerability
> ~~~~~~~~~~~~~
> 
> The attack consists in having an unprivileged user spawn a build
> process, for instance with ‘guix build’, that makes its build directory
> world-writable.  The user then creates a hardlink within the build
> directory to a root-owned file from outside of the build directory, such
> as ‘/etc/shadow’.  If the user passed the ‘--keep-failed’ option and the
> build eventually fails, the daemon changes ownership of the whole build
> tree, including the hardlink, to the user.  At that point, the user has
> write access to the target file.

This has been assigned CVE-2021-27851.

Soon, it should be available in the CVE database at
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27851>
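
The condition described in the quoted advisory, as an added example that is not part of the original message and is neither Guix's own code nor its fix: an audit of a kept build tree that flags what would make a recursive ownership change unsafe (multiply-linked files, world-writable directories, entries not owned by the build user). The function names, the `expected_uid` parameter and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, expected_uid):
    """Return (relative path, reason) pairs that make a recursive chown unsafe."""
    findings = []

    def check(path):
        st = os.lstat(path)                      # never follow symlinks
        rel = os.path.relpath(path, root)
        if stat.S_ISLNK(st.st_mode):
            return                               # lchown() changes the link itself
        if st.st_uid != expected_uid:
            findings.append((rel, "foreign-owner"))
        if stat.S_ISDIR(st.st_mode):
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
        elif st.st_nlink > 1:
            # Same inode is reachable under another name, possibly outside root.
            findings.append((rel, "hardlink"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)

def demo():
    """Constructed tree: one plain file and one hardlink to a file outside it."""
    with tempfile.TemporaryDirectory() as top:
        outside = os.path.join(top, "outside-file")   # stands in for a protected file
        build = os.path.join(top, "build")
        os.mkdir(build)
        open(outside, "w").close()
        open(os.path.join(build, "plain"), "w").close()
        os.link(outside, os.path.join(build, "link"))
        os.chmod(build, 0o777)                        # world-writable build directory
        return audit_tree(build, os.getuid())

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:15} {rel}")
```

The result is only meaningful once no other process can still write into the tree, since a link created after the audit would not be seen.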
