[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47584: Race condition in ‘copy-account-skeletons’: possible privileg
|
From: |
Ludovic Courtès |
|
Subject: |
bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation. |
|
Date: |
Sat, 03 Apr 2021 22:33:18 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Maxime Devos <maximedevos@telenet.be> skribis:
> The attack consists of the user being logged in after the account
> skeletons have been copied to the home directory, but before the
> owner of the account skeletons have been set. The user then deletes
> a copied account skeleton (e.g. @file{$HOME/.gdbinit}) and replaces
> it with a symbolic link to a file not owned by the user, such as
> @file{/etc/shadow}.
>
> The activation code then changes the ownership
> of the file the symbolic link points to instead of the symbolic
> link itself. At that point, the user has read-write access
> to the target file.
In the draft blog post, you mention that the attack cannot be carried
out when protected symlinks are enabled. This is now the case by
default on Guix System¹, so in that case, a system upgraded from a
commit after March 16th is unaffected.
Ludo’.
¹ https://issues.guix.gnu.org/47013#13