{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig4bqzoneupddafe3fbjblhnfmk6vytucgosssusj63iss2vkon5i",
    "uri": "at://did:plc:46ti67tc37qcmwp2vaynk6fq/app.bsky.feed.post/3mlu5y3sanxf2"
  },
  "path": "/posts/20260515-1.html",
  "publishedAt": "2026-05-15T01:18:04.940Z",
  "site": "https://blog.daniel-baumann.ch",
  "tags": [
    "last two weeks",
    "ssh-keysign-pwn",
    "upstream commit",
    "trixie-fastforward-backports"
  ],
  "textContent": "After the Linux local root privilege escalations of the last two weeks, the one of today is ssh-keysign-pwn [no CVE yet] which allows read root-owned files as an unprivileged user.\n\nI’ve cherry-picked the upstream commit to fix it in trixie-fastforward-backports (linux 7.0.4-1 backports for trixie) and confirmed that the exploits don’t work anymore.",
  "title": "Daniel Baumann: Debian: Linux Vulnerability Mitigation (ssh-keysign-pwn)",
  "updatedAt": "2026-05-15T00:00:00.000Z"
}