** Description changed: - A missing build configuration variable allowed a default HOME - environment variable path to be built into the perf binary, which may - allow a user named 'buildd' to specify commands to be run as root when - users use the perf tool. + A certain Ubuntu build procedure for perf, as distributed in the Linux + kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, + sets the HOME environment variable to the ~buildd directory and + consequently reads the system configuration file from the ~buildd + directory, which allows local users to gain privileges by leveraging + control over the buildd account. Break-Fix: - local-2013-1060
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1206200 Title: Perf allows buildd user to run arbitrary code as another user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1206200/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
