Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Tue, 9 Jan 2024, Georgi Guninski wrote: On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen wrote: On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar. T

Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar. The same rules that apply to tar also apply to cpio: "Extract from an untrusted archive only into an

Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Georgi Guninski
On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen wrote: > > On Mon, 8 Jan 2024, Georgi Guninski wrote: > > > When extracting archives cpio (at least version 2.13) preserves > > the setuid flag, which might lead to privilege escalation. > > So does for example tar. The same rules that apply to tar al

Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread fulldisclosure
On 08.01.24 at 10:25, Georgi Guninski wrote: One example is r00t extracts to/tmp/ and scidiot runs /tmp/micq/backd00r without further interaction from root. We believe this is vulnerability, since directory traversal in cpio is considered vulnerability. It's not a vulnerability, as a) cpio

[FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-08 Thread Georgi Guninski
cpio privilege escalation vulnerability via setuid files in cpio archive Happy New Year, let in 2024 happiness be with you! :) When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. One example is r00t extracts to /tmp/ and scid