D12513: CVE-2018-10361: privilege escalation
noreply at phabricator.kde.org
Wed May 9 11:51:29 UTC 2018
mgerstner added a comment.
Restricted Application edited subscribers, added: kde-frameworks-devel, kwrite-devel; removed: Frameworks.
In D12513#258565 <https://phabricator.kde.org/D12513#258565>, @aacid wrote:
> Honestly i don't understand why i have to care about anything.
> If we drop privileges, it's just some code running with regular user level
> privileges, why are symlinks a problem?
Well for one, if the target directory is owned by root, then you will be
dropping privileges to root i.e. you won't drop privileges at all.
The owners of the directory and the target file may differ. Another case might
be that target directory and file are owned by root, but one of the upper
directories is owned by a non-root user. Maybe it is a root-owned directory
that is only temporary in nature and a race condition is involved i.e. it gets
deleted before the actual file operations begin.
It would be uncommon but we never now what the situation might be. The feature
seems targeted towards users that have no big technical insight. So strange
situations can be expected. IMO prudence is the better part of valor here.
To: cullmann, dfaure
Cc: kwrite-devel, kde-frameworks-devel, mgerstner, aacid, ngraham, fvogt, cullmann, michaelh, kevinapavew, bruns, demsking, sars, dhaumann, #frameworks
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the KWrite-Devel