picosnitch
Arbitrary file modification
When picosnitch runs as a daemon, it looks for the first folder in /home/
that matches a uid > 1000, then loads its config from that user's .config/picosnitch
folder and writes its error logs and database there.
This can be exploited by symlinking files:
ln -s /etc/importantfile .config/picosnitch/exe.log
When picosnitch starts, it will start appending logs to whatever file this unprivileged user specified.
This can lead to data corruption, denial of service, and in the worst case privilege escalation.
Found by: @dali99 @jcaesar @emilazy
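One way a privileged process can open such a log file without following a planted link, shown as an added example (not picosnitch's own code or its actual fix). The function names, file names other than exe.log, and the temporary-directory layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def open_log_no_follow(config_dir: str, name: str) -> int:
    """Open config_dir/name for appending, refusing symlinks and hard links."""
    # O_DIRECTORY | O_NOFOLLOW: the last component of config_dir must be a real directory.
    dir_fd = os.open(config_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # O_NOFOLLOW makes the open fail (ELOOP) if `name` itself is a symlink.
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    # Inspect the opened descriptor, not the path, so there is no check/use race.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError(f"{name}: not a regular, singly linked file")
    return fd

def demo() -> dict:
    """Constructed scenario in a temp dir: exe.log is a symlink to another file."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "importantfile")  # stand-in for a sensitive file
        cfg = os.path.join(root, "picosnitch")        # stand-in for .config/picosnitch
        os.mkdir(cfg)
        with open(target, "w") as f:
            f.write("original\n")
        os.symlink(target, os.path.join(cfg, "exe.log"))
        try:
            os.close(open_log_no_follow(cfg, "exe.log"))
            refused = False
        except OSError:
            refused = True
        # A name that is not a symlink still opens and appends normally.
        fd = open_log_no_follow(cfg, "error.log")
        os.write(fd, b"log line\n")
        os.close(fd)
        with open(target) as f, open(os.path.join(cfg, "error.log")) as g:
            return {"refused": refused, "target": f.read(), "log": g.read()}

if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only guards the final path component, so parent directories such as .config need the same treatment, or the write should be done with the owning user's privileges.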