Lintian Reports BETA

Tag versions

W recursive-privilege-change

The tag is present in Lintian version 2.113.26. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.108.0 release tag in our Git repository.

You can find the detection logic for this version at commit a1e47cb. For merge requests, please use the latest version in the Lintian check scripts.

Visibility: warning

Renamed from:

The named maintainer script appears to call chmod or chown with a --recursive/-R argument, or it uses find(1) with similar intent.

All such uses are vulnerable to hardlink attacks on mainline (i.e. non-Debian) kernels that do not set fs.protected_hardlinks=1.

The security risk arises when a non-privileged user creates hard links to files they do not own, such as /etc/shadow or files in /var/lib/dpkg/. A superuser's recursive call to chown or chmod on behalf of a role user account would then modify the non-owned files in ways that allow the non-privileged user to manipulate them later.
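A rough approximation of the pattern this tag looks for, as an added example that is not Lintian's detection logic and not part of the original page: it scans a maintainer script for recursive chown/chmod calls and for find(1) handing files to chown/chmod. The function names, the package and role user `foo`, and the sample postinst are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates the check this tag describes; NOT Lintian's code.

# Print "LINE:text" for every line of maintainer script $1 that looks like a
# recursive chown/chmod, or a find(1) that hands files to chown/chmod.
# Limitation: line-based, so commands split with "\" continuations are missed.
scan_maintscript() {
    # Drop whole-line comments first; -n keeps the original line numbers.
    grep -nEv '^[[:space:]]*#' "$1" | grep -E \
        -e '(^|[^[:alnum:]_-])(chown|chmod)[[:space:]]([^;|&]*[[:space:]])?(--recursive|-[[:alpha:]]*R[[:alpha:]]*)([[:space:]]|$)' \
        -e '(^|[^[:alnum:]_-])find[[:space:]].*(-exec(dir)?|xargs)[[:space:]].*(chown|chmod)([[:space:]]|$)'
}

# Constructed sample postinst (hypothetical package "foo" and role user "foo").
sample_postinst() {
    cat <<'EOF'
#!/bin/sh
set -e
# chown -R foo:foo /var/lib/foo   (commented out, must not be flagged)
chown -R foo:foo /var/lib/foo
chmod --recursive g+w /var/log/foo
chown foo:foo -hR /var/cache/foo
find /var/lib/foo -type f -exec chmod 640 {} +
find /var/lib/foo -print0 | xargs -0 chown foo:foo
chown foo:foo /var/lib/foo/state.db
chmod -r /var/lib/foo/secret
EOF
}

# Line numbers flagged in the sample, space-separated.
flagged_lines() {
    tmp=$(mktemp) || return 1
    sample_postinst > "$tmp"
    scan_maintscript "$tmp" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
    rm -f "$tmp"
}

flagged_lines; echo
```

The non-recursive `chown` on a single named file and the lowercase `chmod -r` (a mode change, not a recursion flag) are deliberately left unflagged.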

There are several ways to mitigate the issue in maintainer scripts:

For more information please consult:

The following 93 source packages in the archive triggered the tag 166 times (in any Lintian version).

We found 19 overrides. The tag performed 89% of the time.