15 Mar
2024
15 Mar
'24
13:16
https://bugzilla.suse.com/show_bug.cgi?id=1220190 https://bugzilla.suse.com/show_bug.cgi?id=1220190#c19 --- Comment #19 from Matthias Gerstner <matthias.gerstner@suse.com> --- I just noticed that the current implementation of this service still has an issue: the renameat() is performed as root, but the unprivileged user can also pass on file descriptors for directories it doesn't own like /etc. Thus the caller could cause a "core" dump file to be placed anywhere in the system it has read access for. I just wrote this in the upstream MR#, it should be addressed before whitelisting the Polkit action. -- You are receiving this mail because: You are on the CC list for the bug.