author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
commit | 75808db17caf8b960b351e3408e74142f4c85aac (patch) | |
tree | 7989e9c09a4240248bf4658a22208a0a52d991c4 /tags/r/recursive-privilege-change.tag | |
parent | Initial commit. (diff) | |
Adding upstream version 2.117.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tags/r/recursive-privilege-change.tag')
-rw-r--r-- | tags/r/recursive-privilege-change.tag | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tags/r/recursive-privilege-change.tag b/tags/r/recursive-privilege-change.tag new file mode 100644 index 0000000..f844611 --- /dev/null +++ b/tags/r/recursive-privilege-change.tag @@ -0,0 +1,27 @@ +Tag: recursive-privilege-change +Severity: warning +Check: scripts +Renamed-From: maintainer-script-should-not-use-recursive-chown-or-chmod +Explanation: The named maintainer script appears to call <code>chmod</code> or + <code>chown</code> with a <code>--recursive</code>/<code>-R</code> argument, or + it uses <code>find(1)</code> with similar intent. + . + All such uses are vulnerable to hardlink attacks on mainline (i.e. + non-Debian) kernels that do not set <code>fs.protected_hardlinks=1</code>. + . + The security risk arises when a non-privileged user set links to + files they do not own, such as such as <code>/etc/shadow</code> or + files in <code>/var/lib/dpkg/</code>. A superuser's recursive call to + <code>chown</code> or <code>chmod</code> on behalf of a role user account + would then modify the non-owned files in ways that allow the + non-privileged user to manipulate them later. + . + There are several ways to mitigate the issue in maintainer scripts: + . + - For a static role user, please call <code>chown</code> at build time + and not during the installation. + - If that is too complicated, use <code>runuser(1)</code> in the + relevant build parts to create files with correct ownership. + - Given a static list of files to change, use non-recursive calls + for each file. (Please do not generate the list with <code>find</code>.) +See-Also: Bug#895597, Bug#889060, Bug#889488, runuser(1) |
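Review bot: the Explanation text in this hunk has a duplicated phrase, `such as such as <code>/etc/shadow</code>`, and a subject-verb mismatch, `when a non-privileged user set links`; suggest `when a non-privileged user sets links to files they do not own, such as <code>/etc/shadow</code>`. Since this is a new tag description and the Renamed-From line means the old wording is being carried over, it is worth fixing the prose now rather than after the tag ships; the third mitigation bullet also reads more clearly if it says why `find` is excluded, i.e. that a list generated by `find` at install time is walked while the attacker can still plant links, whereas a static list in the script has no such window. The rest of the hunk (Severity, Check, See-Also bug references and the runuser(1) pointer) looks consistent with the mitigations it describes.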