I haven't looked deeply into the exploit code but could imagine that different symlink trickery still works. That's why I wrote 'quick&dirty workaround for the specific sed/symlink attack vector' in the commit message. Most probably a 'solution' would be to drop privileges prior to fiddling around in user homedirs. Or maybe removing this entire mess as a real fix.
Need to:
* determine if this custom solution is worth the risk / maintenance / overhead
* are there better alternatives
* other fixes?
A short term mitigation for https://github.com/stealth/7350topless has been applied by Long term improvements are needed.
See talking point
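Added example, not code from the project, from the exploit, or from the commenter: a Python sketch of the two directions raised in the comment above. `edit_in_home_as_user` forks and drops to the target user before touching anything under their home, so the kernel's own permission checks decide what a symlink may reach; `open_owned_regular_file` adds defence in depth by resolving the path one component at a time with `O_NOFOLLOW` and checking ownership with `fstat()` on the descriptor it holds, never with `stat()` on a path string the user can swap between check and use. `edit_in_place` is the `sed -i` stand-in: it reads and writes through that verified descriptor. All function names and the throwaway "home" directory that `demo()` constructs are assumptions for illustration; the page says nothing about which script the exploit targets, and this code does not claim to.

```python
import os
import stat


def drop_privileges(uid, gid):
    """Switch irreversibly to uid/gid (only meaningful when running as root)."""
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    if os.getuid() != uid or os.geteuid() != uid:
        raise RuntimeError("privilege drop failed")


def open_owned_regular_file(home, relpath, expected_uid):
    """Open home/relpath read-write, refusing a symlink at ANY component and any
    directory or file not owned by expected_uid. Every check is fstat() on a
    descriptor we already hold, so there is no check-then-use window."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("path must stay inside the home directory")
    nofollow = os.O_NOFOLLOW | os.O_CLOEXEC  # symlink -> ELOOP instead of following
    fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        if os.fstat(fd).st_uid != expected_uid:
            raise PermissionError("home directory not owned by expected uid")
        for name in parts[:-1]:  # a symlinked parent dir defeats a check on the leaf
            nfd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | nofollow, dir_fd=fd)
            os.close(fd)
            fd = nfd
            if os.fstat(fd).st_uid != expected_uid:
                raise PermissionError(f"directory {name!r} not owned by expected uid")
        ffd = os.open(parts[-1], os.O_RDWR | nofollow, dir_fd=fd)
    finally:
        os.close(fd)
    try:
        st = os.fstat(ffd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError("file not owned by expected uid")
        if st.st_nlink != 1:  # reachable under another name: refuse
            raise PermissionError("file has extra hard links")
    except BaseException:
        os.close(ffd)
        raise
    return ffd


def edit_in_place(home, relpath, expected_uid, transform):
    """sed -i replacement: read and write back through the verified descriptor."""
    fd = open_owned_regular_file(home, relpath, expected_uid)
    with os.fdopen(fd, "r+", encoding="utf-8") as f:
        new = transform(f.read())
        f.seek(0)
        f.truncate()
        f.write(new)
    return new


def edit_in_home_as_user(uid, gid, home, relpath, transform):
    """As root: do the edit in a forked child that has dropped to the user, so a
    path check we got wrong still cannot write where the user could not."""
    if os.geteuid() != 0:
        edit_in_place(home, relpath, uid, transform)
        return True
    pid = os.fork()
    if pid == 0:  # child: drop first, then touch the home directory
        try:
            drop_privileges(uid, gid)
            edit_in_place(home, relpath, uid, transform)
            os._exit(0)
        except BaseException:
            os._exit(1)
    _, status = os.waitpid(pid, 0)
    if not (os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0):
        raise RuntimeError("edit failed in unprivileged child")
    return True


def demo():
    """Constructed scenario in a throwaway 'home': a legitimate edit succeeds; a
    symlinked file, a symlinked directory and a '..' escape are refused."""
    import tempfile
    home, uid = tempfile.mkdtemp(prefix="fakehome-"), os.getuid()
    with open(os.path.join(home, ".profile"), "w") as f:
        f.write("export EDITOR=vi\n")
    with open(os.path.join(home, "victim"), "w") as f:  # stands in for /etc/passwd
        f.write("root:x:0:0\n")
    os.symlink(os.path.join(home, "victim"), os.path.join(home, ".bashrc"))
    os.mkdir(os.path.join(home, "real"))
    os.symlink(os.path.join(home, "real"), os.path.join(home, "dirlink"))
    with open(os.path.join(home, "real", "rc"), "w") as f:
        f.write("x\n")

    def refused(rel, exc):
        try:
            edit_in_place(home, rel, uid, lambda t: "pwned\n")
        except exc:
            return True
        return False

    return {
        "edited": edit_in_place(home, ".profile", uid, lambda t: t.replace("vi", "vim")),
        "as_user": edit_in_home_as_user(uid, os.getgid(), home, ".profile", lambda t: t),
        "symlink_refused": refused(".bashrc", OSError),
        "dirlink_refused": refused("dirlink/rc", OSError),
        "escape_refused": refused("../etc/passwd", ValueError),
        "victim_intact": open(os.path.join(home, "victim")).read(),
    }
```

Two points worth keeping in mind when weighing this against the quick workaround: the parent directories matter as much as the leaf, since a symlinked directory component makes a check on the final filename meaningless; and if the script must keep shelling out to `sed`, the privilege drop alone is the part that protects you, because the process then simply lacks permission to write wherever the symlink points.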