Privilege escalation vulnerability if sccache server is run as root

Moderate
sylvestre published GHSA-x7fr-pg8f-93f5 May 30, 2023

Package

No package listed

Affected versions

< 0.4.0

Patched versions

0.4.0

Description

Impact

On Linux, the sccache client can execute arbitrary code with the privileges of a local sccache server by preloading the code in a shared library passed to LD_PRELOAD.

If the server is run as root (which is the default when installing the snap package), this means a user running the sccache client can get root privileges.

Patches

Upgrade to 0.4.0.

Workarounds

Don't run sccache server as root.
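
A host can be audited for the condition described above (an sccache process owned by root on a version below 0.4.0) with a short script. This is an added example, not part of the advisory or the sccache project; it assumes the process name is `sccache` and that `sccache --version` prints `sccache X.Y.Z`, and the sample process list is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: flag an sccache process that runs as
# root on a version older than the patched release.
PATCHED="0.4.0"   # patched version given in the advisory

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Reads "UID PID COMM" lines on stdin, prints PIDs of root-owned sccache.
# Assumption: the process name (comm) is "sccache".
root_sccache_pids() {
    awk '$1 == 0 && $3 == "sccache" { print $2 }'
}

# audit VERSION < process-list: returns 1 when the advisory's condition holds.
audit() {
    pids=$(echo $(root_sccache_pids))
    if [ -z "$pids" ]; then
        echo "OK: no sccache process runs as root"
        return 0
    fi
    if version_lt "$1" "$PATCHED"; then
        echo "AFFECTED: sccache $1 runs as root (pid $pids)"
        return 1
    fi
    echo "NOTE: sccache $1 is patched but still runs as root (pid $pids)"
    return 0
}

# Constructed sample process list (UID PID COMM), not taken from a real host.
SAMPLE='1000 2211 bash
0 3120 sccache
1000 3177 sccache'

if [ "${1:-}" = "--live" ]; then
    # Assumption: `sccache --version` prints "sccache X.Y.Z".
    ps -eo uid=,pid=,comm= | audit "$(sccache --version | awk '{ print $2 }')"
else
    printf '%s\n' "$SAMPLE" | audit "0.3.3" || true
fi
```

Run with `--live` to check the local host instead of the constructed sample.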

GitHub Security Lab number

GHSL-2023-046

Severity

Moderate

CVE ID

CVE-2023-1521

Weaknesses

No CWEs

Credits