ctfRenegade issues

Repositories
Issues
Comments

Results 1 issues of


                                            ctfRenegade

Missing permission checks on symlink_fs leads to privilege escalation using sudo

Missing permission checks in [symlink_fs](https://github.com/klange/toaruos/blob/e03e2ff189c3d424701a2dd10dc7ffbd55a3f346/kernel/vfs/vfs.c#L540) lead to privilege escalation by creating a symbolic link at /var/sudoers/1000 pointing to a file with a recent timestamp. sudo uses a token_file with a...