Read Time:26 Second
Posted by fulldisclosure on Jan 14
Am 08.01.24 um 10:25 schrieb Georgi Guninski:
It’s not a vulnerability, as
a) cpio archives must archive that flag as cpio is part of RPM packages
and those
must be able to contain setuid flags. Otherwise, you would need to add
chmod u+s cmds to any %POST
section. Breaking this, would invalidate so many existing packages =>
won’t happen
note: initramfs makes use of cpio as well, but setuid is not needed
here, as it’s…