CVE-2023-1521: 
Rust vulnerability analysis and mitigation

CVE-2023-1521 is a local privilege escalation vulnerability affecting sccache, discovered in March 2023. The vulnerability allows a sccache client to execute arbitrary code with the privileges of a local sccache server on Linux systems. This vulnerability was particularly concerning when the server was running as root, which was the default configuration when installing via the snap package (GitHub Advisory, Security Lab).

The vulnerability stems from how sccache handles compile requests to the server. When sending a compile request, the client includes a copy of the local environment variables. The server then executes the compile command using these same environment variables without proper validation. An attacker can exploit this by setting the LD_PRELOAD environment variable to point to a malicious shared library, which the server then executes with its privileges. The vulnerability has been assigned a CVSS v4 base score of 7.3 (High severity), with metrics indicating Local attack vector, Low attack complexity, and No privileges required (GitHub Advisory).

The vulnerability enables a regular user on a Linux machine with a system-wide sccache installation running the server as root to gain full administrative access to the machine. This is particularly significant when the server is running as root, which was the default configuration in the snap package installation (Security Lab).

The vulnerability was fixed in sccache version 0.4.0, released in March 2023. For users unable to upgrade, the primary workaround is to avoid running the sccache server as root (GitHub Advisory).

The vulnerability was quietly fixed in v0.4.0 without any mention in the release notes. The issue was discovered and reported by Paolo Tranquilli (@redsun82) and coordinated through the GitHub Security Lab (Security Lab).