Are you deploying zkey/zkey-cryptsetup with setuid bit on?
Do you allow calls to zkey/zkey-cryptsetup with sudoers?
Do you allow elevating to root whilst executing zkey/zkey-cryptsetup with policykit,
as in opening it up to execute zkey/zkey-cryptsetup with escalated privileges by otherwise non-privileged users?
Because by default, zkey/zkey-cryptsetup is shipped without setuid, and effectively is harmless when called by non-privileged users without an ability to escalate privileges (by setting/controlling PATH environment, or any other means).