Lintian Reports (BETA)

recursive-privilege-change

Tag versions

The tag is present in Lintian version 2.109.6. That is the most recent version we know about.

The named maintainer script appears to call chmod or chown with a --recursive/-R argument, or it uses find(1) with similar intent.

All such uses are vulnerable to hardlink attacks on mainline (i.e. non-Debian) kernels that do not set fs.protected_hardlinks=1.

The security risk arises when a non-privileged user creates hard links to files they do not own, such as /etc/shadow or files in /var/lib/dpkg/. A superuser's recursive call to chown or chmod on behalf of a role user account would then modify the non-owned files in ways that allow the non-privileged user to manipulate them later.

There are several ways to mitigate the issue in maintainer scripts:

Please refer to Bug#895597, Bug#889060, Bug#889488, and the runuser(1) manual page for details.
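As an added example that is not part of the Lintian tag description or of Lintian's own check code, the shell script below approximates what this tag looks for in a maintainer script and runs that check over two constructed postinst scripts: one using the recursive chown / find -exec chmod pattern, and one that sets ownership only on the top-level directory and delegates per-file mode changes to the role user through runuser(1), so that a hard link planted to a file the role user does not own makes chmod fail with EPERM instead of silently changing the link target. The function names, the package name foo, the role user foo-daemon and the regular expressions are assumptions made for this example; Lintian's real check may differ.

```shell
#!/bin/sh
# Added example, not Lintian's code. Function names, the package "foo" and
# the role user "foo-daemon" are made up for this illustration.

# Return 0 (true) if the maintainer script at $1 calls chmod/chown with
# -R/--recursive, or uses find(1) with -exec/-ok chmod/chown, outside comments.
has_recursive_privilege_change() {
    script="$1"
    # Drop everything after a '#' so commented-out commands do not count.
    stripped=$(sed 's/#.*//' "$script")
    printf '%s\n' "$stripped" | grep -Eq \
        '(^|[^[:alnum:]_/])(chown|chmod)[[:space:]]+[^;|&]*(-[[:alpha:]]*R|--recursive)' \
        && return 0
    printf '%s\n' "$stripped" | grep -Eq \
        '(^|[^[:alnum:]_/])find[[:space:]]+.*-(exec|ok)(dir)?[[:space:]]+(chown|chmod)([[:space:]]|$)' \
        && return 0
    return 1
}

# Scan every regular file in directory $1, report hits on stderr and print
# the number of flagged scripts on stdout.
count_flagged_scripts() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if has_recursive_privilege_change "$f"; then
            echo "$f: recursive chown/chmod or find -exec chown/chmod" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed postinst showing the pattern the tag warns about: a recursive
# chown as root walks into any hard link an attacker planted under the tree.
make_sample_vulnerable() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
if [ "$1" = configure ]; then
    adduser --system --quiet --home /var/lib/foo --group foo-daemon
    chown -R foo-daemon:foo-daemon /var/lib/foo
    find /var/lib/foo -type d -exec chmod 750 '{}' +
fi
EOF
}

# Constructed postinst with the runuser(1) mitigation: root touches only the
# directory it created itself; per-file changes run as the role user, which
# cannot chmod a file it does not own (the kernel refuses with EPERM).
make_sample_hardened() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
if [ "$1" = configure ]; then
    adduser --system --quiet --home /var/lib/foo --group foo-daemon
    chown foo-daemon:foo-daemon /var/lib/foo
    runuser -u foo-daemon -- chmod g+w /var/lib/foo/cache /var/lib/foo/state
fi
EOF
}

# Demonstration on a temporary directory.
demo() {
    d=$(mktemp -d)
    make_sample_vulnerable "$d/foo.postinst"
    make_sample_hardened "$d/bar.postinst"
    echo "flagged scripts: $(count_flagged_scripts "$d")"   # prints 1
    rm -rf "$d"
}
demo
```

The detector is deliberately a line-oriented heuristic: it ignores comments and stops at command separators, but it will not see a recursive call hidden behind a variable or a sourced helper, and it does not inspect find(1) arguments such as `-links 1` or `-user`, so treat a hit as a prompt to review the script rather than as proof of a flaw.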

Visibility: warning

Check: scripts

Renamed from:

The following 100 source packages in the archive triggered the tag 179 times.

We found 21 overrides. The tag performed 88% of the time.