~kennylevinsen/seatd

0.6.2 2 years ago

seatd 0.6.2

This relase contains a security fix for a vulnerability in the
seatd-launch executable.

A user could manipulate the PATH environment variable to cause
seatd-launch to load a different executable than seatd. If seatd-launch
had the SUID bit set and was owned by a privileged user, this could be
used to mount a privilege escalation attack.

seatd and libseat are not affected by this vulnerability.

Kenny Levinsen (4):
      ci: Install seatd instead of manipulating PATH
      seatd-launch: Use absolute path for seatd
      seatd-launch: Specify exact environment to seatd
      Bump version to 0.6.2