oss-sec mailing list archives

CVE-2022-30688: needrestart 0.8+ local privilege escalation


From: Thomas Liske <thomas () fiasko-nw net>
Date: Tue, 17 May 2022 20:35:37 +0200

# needrestart: local privilege escalation

https://github.com/liske/needrestart


## Description

A local privilege escalation has been found in needrestart.
CVE-2022-30688 has been assigned to this issue.

The interpreter heuristic contains unanchored regexes, allowing local
users to execute arbitrary code in the context of the user running
needrestart. Needrestart might be run as root by package manager hooks
on package installations or upgrades.


## Affected

Affected: needrestart >= 0.8
Fixed in: needrestart >= 3.6


## Mitigation

Disabling the interpreter heuristic in needrestart's config prevents
this attack:

 # Disable interpreter scanners.
 $nrconf{interpscan} = 0;


## Credit

Reported by Jakub Wilk.



Regards,
Thomas Liske

Attachment: anchor-interp-re.patch
Description:

Attachment: signature.asc
Description: This is a digitally signed message part
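
An added example, not part of the original advisory or of needrestart: a Python check that classifies a host from the advisory's version range and its interpscan mitigation. The function names and sample configs are constructed; the caller supplies the installed version string and the config text, and treating an unset interpscan as enabled is an assumption.

```python
import re

FIRST_AFFECTED = (0, 8)  # "Affected: needrestart >= 0.8" (from the advisory)
FIXED = (3, 6)           # "Fixed in: needrestart >= 3.6" (from the advisory)

# Anchored match for an active line such as:  $nrconf{interpscan} = 0;
# A commented-out line starts with '#' and therefore never matches.
ASSIGN = re.compile(
    r'^\s*\$nrconf\{\s*[\'"]?interpscan[\'"]?\s*\}\s*=\s*([^;#]+?)\s*;')

def interpscan_disabled(conf_text):
    """True only if the last active assignment sets interpscan to 0."""
    value = None  # assumption: unset means the scanners stay enabled
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            value = m.group(1)  # later assignments override earlier ones
    # Conservative: only a literal 0 (optionally quoted) counts as disabled.
    return value is not None and value.strip("'\"") == "0"

def upstream_version(version):
    """Extract (major, minor) from strings like '3.5' or '1:3.5-5'."""
    m = re.match(r'(?:\d+:)?(\d+)\.(\d+)', version.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    return int(m.group(1)), int(m.group(2))

def assess(version, conf_text):
    """Classify a host as not-affected, fixed, mitigated or vulnerable."""
    v = upstream_version(version)
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v >= FIXED:
        return "fixed"
    # Not checked here: a distribution package may carry the fix
    # under an older upstream version number.
    return "mitigated" if interpscan_disabled(conf_text) else "vulnerable"

# Constructed sample configs (not copied from a real host).
SAMPLE_DEFAULT = "# Disable interpreter scanners.\n#$nrconf{interpscan} = 0;\n"
SAMPLE_MITIGATED = " # Disable interpreter scanners.\n $nrconf{interpscan} = 0;\n"

if __name__ == "__main__":
    for ver, conf in [("3.5", SAMPLE_DEFAULT), ("3.5", SAMPLE_MITIGATED),
                      ("3.6", SAMPLE_DEFAULT)]:
        print(ver, assess(ver, conf))
```

When the configuration is split over several files, pass them concatenated in the order they are loaded, since the last assignment wins.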

