On Sun 2017-10-29 23:06:31 +0100, Jason A. Donenfeld wrote:
> By the way, the program you wrote introduces a trivial local privilege
> escalation vulnerability into Debian, since not all available
> providers of the resolvconf binary set PATH themselves. Always clear
> environment variables yourself before exec'ing anything in an suid
> executable.

Thanks for this report, it should be fixed in resolvconf-admin 0.3.
This is a bad failure in the filtering that resolvconf-admin is supposed
to provide.

I note that the privilege escalation vulnerability was for any code that
would normally have been running as root anyway without resolvconf-admin
-- so it leaves systems no worse than they'd been without
resolvconf-admin (since no user is added to the resolvconf-admins group
by default).  But it's definitely a bad failure mode, given the design
and intent of resolvconf-admin.

I appreciate the catch!  Please don't hesitate to report any other
similar problems.

Regards,

        --dkg