On Fri, 2019-03-15 at 22:39 +0100, Jakub Wilk wrote: > Apport tries to create /var/crash/.lock if doesn't exist already. > But > /var/crash/ is world-writable, so a malicious local user could do: > > ln -sf /nonexistent /var/crash/.lock > > to prevent Apport from creating the lock file.
Yes. /var/crash/ is world writable and has the sticky bit set. It is needed so that normal (unprivileged) user processes also write down their crash reports without seeking root privileges. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
signature.asc
Description: This is a digitally signed message part