Posted by Solar Designer on Apr 08Hi all, I think Andrew may not be subscribed - CC'ing. Andrew, please comment on this. I do also see it in the patch that the S_ISREG check is now below the added fast path code for readable files. It doesn't matter that th…
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
The libcap library versions from 2.04 to 2.77 contain a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, allowing local privilege escalation on Linux systems. Attackers with local access can exploit this flaw to gain elevated privileges by manipulating file checks during race conditions.