lockdev segfaults with incomplete command-line arguments [kaboom@verdande kaboom]$ /usr/sbin/lockdev -l Segmentation fault [kaboom@verdande kaboom]$ /usr/sbin/lockdev -u Segmentation fault [kaboom@verdande kaboom]$ ls -l /usr/sbin/lockdev -rwxr-sr-x 1 root lock 12325 Jun 23 14:26 /usr/sbin/lockdev [kaboom@verdande kaboom]$ Given that lockdev is sgid, this lack of input validity sanity checking could potentially be used for an escalation of privilege attack (though it didn't actually look exploitable the little bit I looked at it)
Thanks for reporting this. It's a known problem, fixed in lockdev-1.0.0-21. We don't see that this bug can be exploited, as there is no input to the program other than the device name which, if missing, segfaults.