Posted by halfdog on Dec 16

Hello List,

This ([1]) is a short article how to use the setgid directory
/var/cache/man to escalate privileges from man/man to man/root on Ubuntu
Vivid and to root/root via the “catman” cron job [2]. In my opinion this
is not a really big issue, but I had quite fun analyzing it and writing
a tool to use SUID-binaries to create arbitrary SGID-binaries. So
perhaps someone else might have fun reading the article and reproducing
the…