
Cloud Vulnerability DB
A community-led vulnerabilities database
SWHKD 1.1.5, a hotkey helper for Wayland, contains a security vulnerability that allows arbitrary file-existence tests via the -c option. The vulnerability was discovered during a security review of the RPM package integration submitted for openSUSE Tumbleweed and was assigned CVE-2022-27814 on March 24, 2022 (Openwall List).
The vulnerability exists in the -c daemon command line parameter functionality. When exploited, it allows an attacker to perform arbitrary file existence tests on the system. For example, when executed with pkexec, the command can be used to test for the existence of files in privileged locations, providing information about the presence or absence of specific files (Openwall List).
The vulnerability allows unauthorized users to perform file existence tests on the system, potentially leading to information disclosure about the presence of sensitive files. This could be particularly problematic when combined with root privileges through pkexec, as it enables testing for the existence of privileged files (Openwall List).
The issue was addressed in version 1.2.0 of SWHKD. The fix involves using the external cat program to read the configuration file. However, this is considered a workaround rather than a complete fix, as the root GID privilege is not properly dropped (GitHub Release, Openwall List).
Source: This report was generated using AI