The named maintainer script appears to call
chown with a
-R argument, or
find(1) with similar intent.
All such uses are vulnerable to hardlink attacks on mainline (i.e.
non-Debian) kernels that do not set
The security risk arises when when a non-privileged user set links
to files they do not own, such as such as
/var/lib/dpkg/. A superuser's recursive call to
chmod on behalf of a role user account
would then modify the non-owned files in ways that allow the
non-privileged user to manipulate them later.
There are several ways to mitigate the issue in maintainer scripts:
- For a static role user, please call
chownat build time and not during the installation.
- If that is too complicated, use
runuser(1)in the relevant build parts to create files with correct ownership.
- Given a static list of files to change, use non-recursive calls
for each file. (Please do not generate the list with