A security flaw has been discovered in Linux, dubbed Copy Fail, that allows local attackers to gain root access on popular distributions. The problem exploits a weakness in the handling of temporary files during copy operations, affecting systems with recent kernels and libraries. Both servers and desktops are exposed to a dangerous privilege escalation.
The technical flaw: how temporary copy is exploited 🔧
The vulnerability lies in the management of symbolic links and temporary files during copy operations with standard tools. A local attacker can create a malicious file that, when copied, replaces a critical system file. This allows executing code with elevated privileges, bypassing the kernel's access controls. Developers are already working on patches, but the fix is not trivial and requires deep changes in I/O logic.
The patch will arrive, but in the meantime, use your intuition ☕
Administrators can sit and wait for the official patch to arrive, or they can start praying to Linus Torvalds. In the meantime, the recommendation is not to let anyone with bad intentions near your terminal. If you see a colleague copying suspicious files, perhaps it's time to offer them a coffee and ask about their intentions. Or simply unplug the network cable and pretend nothing is happening.