On Wed, Dec 03, 2025 at 02:16:29PM +0100, Bernd Edlinger wrote:
> Hmm, yes, that looks like an issue.
> I would have expected the security engine to look at bprm->filename, especially in the case when bprm->interp != bprm->filename, and check that it is not a sym-link with write-access for the current user and of course also that the bprm->file is not a regular file which is writable by the current user; if that is the case, I would have expected the security engine to enforce non-new-privs on a SUID executable somehow.
Check that _what_ is not a symlink? And while we are at it, what do write permissions to any symlinks have to do with anything whatsoever?