Bugzilla – Bug 1113666
VUL-0: CVE-2018-15687: systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
Last modified: 2019-11-15 07:55:12 UTC
A race condition in chown_one() of systemd allows an attacker to cause systemd
to set arbitrary permissions on arbitrary files. Affected releases are systemd
versions up to and including 239.
According to my analysis the vulnerable code first appeared in a1164ae380, which was introduced with version v235. This would mean that our code is not affected by this.
Could a systemd maintainer please verify this?
Until StateDirectory= and friends are not chowned recursively when a service is started, this is only needed by Factory (v239) indeed.
The fix has been backported to Factory so re-assigning this bug to the secteam.