If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
Created trousers tracking bugs for this issue:
Affects: fedora-all [bug 1870057]
Upstream commit for this issue:
There's an issue on trousers. If trousers daemon is started using root user the default, tss unprivileged user still can write to the configuration file due to missing checks at conf_file_init() function. As tcsd.conf holds a set of sensitive configuration entries for the daemon, an attacker can use that to cause DoS, compromise confidentiality or integrity of several system data.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1627 https://access.redhat.com/errata/RHSA-2021:1627
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):