There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
https://sourceware.org/bugzilla/show_bug.cgi?id=26945 https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2 https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8 https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04