git.ipfire.org Git - thirdparty/shadow.git/commit

]> git.ipfire.org Git - thirdparty/shadow.git/commit

projects / thirdparty / shadow.git / commit

author	Samanta Navarro <ferivoz@riseup.net>
	Thu, 18 May 2023 11:56:17 +0000 (11:56 +0000)
committer	Iker Pedrosa <ikerpedrosam@gmail.com>
	Thu, 18 May 2023 13:36:59 +0000 (15:36 +0200)
commit	812f934e77700afedbf5e929b282f29a47b2d9c6
tree	aa6d7626901c079f6e91de757ca7ee03f5c7c469	tree \| snapshot
parent	1132b8923624b07183c2202c63c21ad4325ee5e8	commit \| diff

process_prefix_flag: Drop privileges

Using --prefix in a setuid binary is quite dangerous. An unprivileged
user could prepare a custom shadow file in home directory. During a data
race the user could exchange directories with links which could lead to
exchange of shadow file in system's /etc directory.

This could be used for local privilege escalation.

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>

libmisc/prefix_flag.c

diff | blob | blame | history

Mirror of https://github.com/shadow-maint/shadow.git

RSS Atom