Hi Ansgar,
> now hoping every other `chmod -R` call gets a CVE assigned
See #889066 for a Lintian check for this.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Package: colord
Version: 1.3.3-2
Severity: important
Tags: security
On systems with fs.protected_hardlinks=0 the postinst script allows
escalation from the colord user to root:
+---
| # sysctl fs.protected_hardlinks=0
| # runuser -u colord ln /bin/bash /var/lib/colord/bash
| # ls -l /bin/bash
|
2 matches
Mail list logo