~kennylevinsen/seatd-announce

seatd 0.6.2

Details
Message ID
<QS1IZQ.7QSIIUSM2XSK2@kl.wtf>
DKIM signature
missing
Download raw message
Announcing the release of seatd 0.6.2.

https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.2

---

seatd 0.6.2

This relase contains a security fix for a vulnerability in the
seatd-launch executable.

A user could manipulate the PATH environment variable to cause
seatd-launch to load a different executable than seatd. If seatd-launch
had the SUID bit set and was owned by a privileged user, this could be
used to mount a privilege escalation attack.

seatd and libseat are not affected by this vulnerability.

Kenny Levinsen (4):
      ci: Install seatd instead of manipulating PATH
      seatd-launch: Use absolute path for seatd
      seatd-launch: Specify exact environment to seatd
      Bump version to 0.6.2
Reply to thread Export thread (mbox)