0.6.4 2 years ago

seatd 0.6.4

This release contains a security fix for a vulnerability in the
seatd-launch executable.

A user could specify a socket path that collides with an existing file.
If seatd-launch had the SUID bit set and was owned by a privileged user,
this could be used to remove files that the calling user itself did not
have sufficient privileges to remove.

seatd and libseat are not affected by this vulnerability.

Kenny Levinsen (3):
      seatd-launch: Remove socket path command line arg
      seatd-launch: Use snprintf for socket path
      Bump version to 0.6.4