systemd-tmpfiles in systemd prior to 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
systemd project systemd |
||
debian debian linux 8.0 |
||
opensuse leap 42.3 |