Bug#1013924: coreutils: runcon -c getfscon()s program verbatim but execve()s it; trojan moment?

On 27/06/2022 19:13, Pádraig Brady wrote: On 27/06/2022 16:04, наб wrote: Package: coreutils Version: 8.32-4+b1 Severity: normal Dear Maintainer, The strace for runcon -c true true (after a > true) contains getxattr("true", "security.selinux", "unconfined_u:object_r:user_tmp_t", 255) = 36

Bug#1013924: coreutils: runcon -c getfscon()s program verbatim but execve()s it; trojan moment?

On 27/06/2022 16:04, наб wrote: Package: coreutils Version: 8.32-4+b1 Severity: normal Dear Maintainer, The strace for runcon -c true true (after a > true) contains getxattr("true", "security.selinux", "unconfined_u:object_r:user_tmp_t", 255) = 36 execve("/usr/local/sbin/true", ["true",

Bug#1013924: coreutils: runcon -c getfscon()s program verbatim but execve()s it; trojan moment?

Package: coreutils Version: 8.32-4+b1 Severity: normal Dear Maintainer, The strace for runcon -c true true (after a > true) contains getxattr("true", "security.selinux", "unconfined_u:object_r:user_tmp_t", 255) = 36 execve("/usr/local/sbin/true", ["true", "true"]) = -1 ENOENT execve("/usr/