Control: tags -1 +confirmed +help

On Thursday, 22 November 2018, 19:05:19 CET, deb...@dbwats.plus.com wrote:
> The AppArmor profile supplied with cupsd isn't much use against local
> attackers, as it allows cupsd to create setuid binaries at paths it
> can write to (e.g. under /etc/cups). Since cupsd is run as root by
> default, these binaries can be setuid root.
>
> (…)
>
> In default installations /etc is not on a nosuid mount, so provided
> that they have a suitable exploit, local attackers who are unconfined
> but non-root can use cupsd to create a setuid binary, then run the
> binary themselves to gain unconfined root privileges.

As I only have a vague understanding of AppArmor, I'll welcome help / patches.

@Intri: any insight into how to address this?

Cheers,
OdyX
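
An added audit sketch, not part of the original message or of the cups package: it checks the two conditions the report relies on, namely whether the filesystem holding a cupsd-writable directory honours setuid bits, and whether any setuid/setgid files already exist there. The function names and the sample mount table are assumptions made for this example.

```python
import os
import stat

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var ext4 rw,nosuid,relatime 0 0
"""

def mount_for(path, mounts_text):
    """Return (mountpoint, options) of the longest mountpoint containing path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, opts = fields[1], set(fields[3].split(","))
        inside = mnt == "/" or path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # ">=" lets a later mount stacked on the same mountpoint win.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, opts)
    return best

def find_setid_files(root):
    """List (path, owner uid, octal mode) of regular files with setuid/setgid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((full, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return hits

def audit(root, mounts_text):
    """Summarise exposure: is setuid honoured under root, and what is already there."""
    mnt = mount_for(os.path.abspath(root), mounts_text)
    return {"mountpoint": mnt[0] if mnt else None,
            "nosuid": bool(mnt and "nosuid" in mnt[1]),
            "setid_files": find_setid_files(root)}

if __name__ == "__main__":
    # /etc/cups is the path named in the report; run as root to read everything.
    with open("/proc/mounts") as fh:
        print(audit("/etc/cups", fh.read()))
```

A result with `nosuid` false and a non-empty `setid_files` list, especially with owner uid 0, is the situation the report describes and warrants investigation.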