recursive-privilege-change

The named maintainer script appears to call chmod or chown with a --recursive/-R argument, or it uses find(1) with similar intent.

All such uses are vulnerable to hardlink attacks on mainline (i.e. non-Debian) kernels that do not set fs.protected_hardlinks=1.

The security risk arises when a non-privileged user set links to files they do not own, such as such as /etc/shadow or files in /var/lib/dpkg/. A superuser's recursive call to chown or chmod on behalf of a role user account would then modify the non-owned files in ways that allow the non-privileged user to manipulate them later.

There are several ways to mitigate the issue in maintainer scripts:

Severity: warning
Experimental: false
Renamed from: maintainer-script-should-not-use-recursive-chown-or-chmod

See also