blob: bfff53ef942ed0bdbb0439aedc72d978b86eb889 [file] [log] [blame]
packages:
- module: github.com/google/fscrypt
package: github.com/google/fscrypt/pam
symbols:
- NewHandle
- SetProcessPrivileges
- Handle.StopAsPamUser
versions:
- fixed: v0.2.4
- module: github.com/google/fscrypt
package: github.com/google/fscrypt/security
symbols:
- UserKeyringID
description: |
After dropping and then elevating process privileges euid, guid, and groups
are not properly restored to their original values, allowing an unprivileged
user to gain membership in the root group.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2018-6558
ghsas:
- GHSA-qj26-7grj-whg3
links:
commit: https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
context:
- https://github.com/google/fscrypt/issues/77