bug#47584: Race condition in ‘copy-account-skeletons’: possible privileg
From: Maxime Devos
Subject: bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation.
Date: Sun, 04 Apr 2021 15:29:01 +0200
User-agent: Evolution 3.34.2
On Sat, 2021-04-03 at 18:26 +0200, Maxime Devos wrote:
> A suggested blog post is attached.
A revised blog post is attached.
The following points are currently _not_ addressed:
Ludovic Courtès wrote:
> Also… in this paragraph, it’s not entirely clear which user we’re
> talking about it. In news.scm, I reworded it like so:
> The attack can happen when @command{guix system reconfigure} is running.
> Running @command{guix system reconfigure} can trigger the creation of new
> user accounts if the configuration specifies new accounts. If a user whose
> account is being created manages to log in after the account has been created but
> before ``skeleton files'' copied to its home directory have the right
> ownership, they may, by creating an appropriately-named symbolic link in the
> home directory pointing to a sensitive file, such as @file{/etc/shadow}, get
> root privileges.
>
> It may also be worth mentioning that the user is likely unable to log in
> at all at that point, as I wrote here:
I can't think of something along these lines to write at the moment ...
Greetings,
Maxime.
0001-website-Add-post-about-vulnerability-in-copy-account.patch
Description: Text Data
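
The race described in the quoted news entry, seen from the mitigation side, as an added example (not part of this message and not Guix's own code): a skeleton copy that creates each file with `O_EXCL | O_NOFOLLOW` and sets ownership through the open descriptor, so a symbolic link already present at the target name is refused instead of followed. The function names, file names and the temporary-directory scenario are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def copy_skeleton_file(src, home_fd, name, uid, gid):
    """Copy src to `name` inside the directory open as home_fd, owned by uid:gid.

    O_CREAT|O_EXCL fails if `name` already exists, symbolic links included,
    and fchown()/fchmod() act on the descriptor just created, never on a
    path that could be replaced between the copy and the ownership change.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(name, flags, 0o600, dir_fd=home_fd)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as skel:
        os.fchown(fd, uid, gid)
        os.fchmod(fd, stat.S_IMODE(os.fstat(skel.fileno()).st_mode))
        shutil.copyfileobj(skel, out)

def demo():
    """Constructed scenario: a symlink already sits where a skeleton file goes."""
    uid, gid = os.getuid(), os.getgid()  # stand-ins for the new account's ids
    with tempfile.TemporaryDirectory() as root:
        skel = os.path.join(root, "skel-bashrc")
        sensitive = os.path.join(root, "sensitive")  # stand-in for a protected file
        home = os.path.join(root, "home")
        os.mkdir(home)
        with open(skel, "w") as f:
            f.write("# skeleton\n")
        with open(sensitive, "w") as f:
            f.write("secret\n")
        os.symlink(sensitive, os.path.join(home, ".bashrc"))
        home_fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY)
        try:
            try:
                copy_skeleton_file(skel, home_fd, ".bashrc", uid, gid)
                refused = False
            except FileExistsError:
                refused = True  # the pre-existing link was not followed
            copy_skeleton_file(skel, home_fd, ".profile", uid, gid)
        finally:
            os.close(home_fd)
        with open(sensitive) as f:
            sensitive_after = f.read()
        with open(os.path.join(home, ".profile")) as f:
            profile = f.read()
        return refused, sensitive_after, profile

if __name__ == "__main__":
    print(demo())
```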