rsnapshot -- local privilege escalation

ID 8C5AD0CF-BA37-11D9-837D-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-04-10T00:00:00


An rsnapshot Advisory reports:

The copy_symlink() subroutine in rsnapshot incorrectly changes file ownership on the files pointed to by symlinks, not on the symlinks themselves. This would allow, under certain circumstances, an arbitrary user to take ownership of a file on the main filesystem.