Lintian Reports (BETA)

W: recursive-privilege-change

The tag is present in Lintian version 2.104.244. That is the most recent version we know about.

The named maintainer script appears to call chmod or chown with a --recursive/-R argument, or it uses find(1) with similar intent.

All such uses are vulnerable to hardlink attacks on kernels that do not set fs.protected_hardlinks=1. Debian's own kernels set it, so the exposure is on mainline or other third-party kernels where the sysctl is left at 0.

The security risk arises when a non-privileged user creates hard links to files they do not own, such as /etc/shadow or files under /var/lib/dpkg/, inside a directory that the maintainer script later processes. A hard link is the same inode, so a superuser's recursive chown or chmod on behalf of a role user account would then change the ownership or mode of those non-owned files, in ways that allow the non-privileged user to read or modify them afterwards.

There are several ways to mitigate the issue in maintainer scripts:

Refer to Bug#895597, Bug#889060, Bug#889488, and the runuser(1) manual page for details.
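As an added example that is not code from this Lintian page or from any Debian package, the script below shows, in the shell that maintainer scripts are written in: a constructed postinst containing the patterns this tag flags, a grep(1) approximation of the check described at the top of the page, the fs.protected_hardlinks test behind the kernel caveat, and one hardened shape for the same fixup that runs the mode change through runuser(1), the manual page the references above point to. The role user foo, the /var/lib/foo tree, the sample script and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the Lintian page or of any Debian package.
# Assumptions (hypothetical): a package that ships a role user "foo" and
# owns /var/lib/foo; grep(1) with -E and -n; runuser(1) from util-linux.

# --- What the tag flags: a constructed postinst, not taken from any real package.
constructed_postinst() {
    cat <<'EOF'
#!/bin/sh
set -e
# constructed sample postinst, not taken from any real package
case "$1" in
    configure)
        # flagged: recursive privilege changes run as root over a tree foo can write
        chown -R foo:foo /var/lib/foo
        chmod -Rf g+w /var/lib/foo/cache
        find /var/log/foo -type f -exec chmod 0640 {} \;
        find /srv/foo -print0 | xargs -0 chown foo:foo
        # not flagged: non-recursive, each call touches exactly one inode
        chown foo:foo /var/lib/foo
        install -d -o foo -g foo -m 0750 /var/cache/foo
        ;;
esac
EOF
}

# --- A grep(1) approximation of the check (an illustration of the rule in
# the tag description, not Lintian's own implementation).  Reads a script on
# stdin and prints "LINE:TEXT" for every simple command that is
# chown/chgrp/chmod with -R (anywhere in a short-option cluster) or
# --recursive, or a find(1) whose line hands paths to chown/chgrp/chmod.
# Comment lines are skipped.  Exit status 0 when at least one line was
# flagged, 1 otherwise.
flag_recursive_privilege_changes() {
    grep -nE \
        '(^|[[:space:];&|(])(chown|chgrp|chmod)[[:space:]]+([^;&|]*[[:space:]])?(-[A-Za-z]*R[A-Za-z]*|--recursive)([[:space:]]|$)|(^|[[:space:];&|(])find[[:space:]].*[[:space:]](chown|chgrp|chmod)([[:space:]]|$)' \
        | grep -vE '^[0-9]+:[[:space:]]*#'
}

# --- The kernel-side check from the text.  Exit status 0 when
# fs.protected_hardlinks=1 (unprivileged users may only hardlink files they
# own or can read and write), 1 otherwise or when the sysctl is absent.
hardlinks_protected() {
    [ "$(cat /proc/sys/fs/protected_hardlinks 2>/dev/null)" = 1 ]
}

# --- One hardened shape for the same fixup.  Needs root; shown, not run here.
hardened_fixperms() {
    # Ownership is set once, on the top-level directory only: a single inode
    # that foo cannot swap out, because /var/lib itself is root-owned.
    mkdir -p /var/lib/foo
    chown foo:foo /var/lib/foo
    chmod 0750 /var/lib/foo
    # The walk over the tree runs *as foo* via runuser(1).  find's -user foo
    # skips anything foo does not own (a planted hardlink to /etc/shadow is
    # still a root-owned inode), and even if a path is swapped between find's
    # stat and the chmod, the kernel refuses chmod on an inode the caller does
    # not own, so a hardlinked target cannot be changed.
    runuser -u foo -- find /var/lib/foo -xdev -user foo -type f -exec chmod 0640 '{}' +
}
```

Running `constructed_postinst | flag_recursive_privilege_changes` prints the four flagged lines (7 to 10) and nothing for the two non-recursive calls. The grep approximation is deliberately line-based: a command continued across lines, or a chown reached through a variable holding the program name, is missed, which is one reason Lintian parses the script rather than pattern-matching it. The hardened fragment only covers the chmod half by dropping privilege; there is no unprivileged equivalent of chown, so ownership is applied to one top-level inode and never recursively as root over a tree the role user can write to. On a kernel where `hardlinks_protected` succeeds the attack is closed at the source; on any other kernel the recursive form stays unsafe no matter how it is spelled.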

Visibility: warning

Check: scripts

The following 96 source packages in the archive triggered the tag 169 times.

We found 17 overrides, so the tag stood (was not overridden) 90% of the time.