SoylentNews is people

posted by martyb on Thursday January 27 2022, @04:34AM

Major Linux PolicyKit security vulnerability uncovered: Pwnkit:

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.

[...] This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true."

[...] Why is it so bad? Let us count the ways:

  • Pkexec is installed by default on all major Linux distributions.
  • Qualys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
  • Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
  • An unprivileged local user can exploit this vulnerability to get full root privileges.
  • Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
  • And, last but not least, it's exploitable even if the polkit daemon itself is not running.

[...] While we know Linux can be attacked, Solaris and other Unix systems may also be vulnerable. We do know, however, that OpenBSD can't be attacked by exploits using this vulnerability.

Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high.

When used correctly, Polkit provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed with root permission.
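
A defender-side check for the exposure described above, as an added example that is not part of the original article or submission: it reports whether pkexec still carries the set-user-ID bit and inventories the set-user-ID files in a directory. The default path /usr/bin/pkexec and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): audit set-user-ID exposure of pkexec.
# Assumption: /usr/bin/pkexec is the install path; pass another path as $1.

# Print the numeric owner uid of a file (portable: parses `ls -ln`).
owner_uid() {
    ls -lnd -- "$1" | awk '{print $3}'
}

# suid_state PATH -> absent | no-suid | suid-root | suid-other
suid_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ ! -u "$1" ]; then        # -u: set-user-ID bit is set
        echo no-suid
    elif [ "$(owner_uid "$1")" = "0" ]; then
        echo suid-root              # runs with root's uid for any caller
    else
        echo suid-other
    fi
}

# list_suid DIR -> one "uid path" line per set-user-ID regular file under DIR
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        printf '%s %s\n' "$(owner_uid "$f")" "$f"
    done
}

# Report on the local system when run directly.
state=$(suid_state "${1:-/usr/bin/pkexec}")
echo "pkexec: $state"
```

A result of suid-root means the binary is in the state the article describes, so whether it is exploitable depends on the installed package carrying the distribution's fix.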


  • (Score: 3, Insightful) by janrinok on Thursday January 27 2022, @05:18AM (9 children)

    by janrinok (52) Subscriber Badge on Thursday January 27 2022, @05:18AM (#1216055) Journal

    Ubuntu has already issued the updates to fix this bug. I believe that the same will apply to many Debian-based distros. Update your software.

  • (Score: 3, Informative) by Runaway1956 on Thursday January 27 2022, @06:03AM (8 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday January 27 2022, @06:03AM (#1216065) Journal

    I don't think any systemd-free distro is downstream from Ubuntu. I know MX isn't. Only Debian and Devuan are upstream from here.

    • (Score: 2) by janrinok on Thursday January 27 2022, @06:32AM (7 children)

      by janrinok (52) Subscriber Badge on Thursday January 27 2022, @06:32AM (#1216078) Journal

      Yes but Ubuntu can get their fixes from Debian - if Ubuntu has it then many, if not all, Debian derivatives will also have it. That is the point that I was making.

      • (Score: -1, Offtopic) by Anonymous Coward on Thursday January 27 2022, @07:20AM (6 children)

        by Anonymous Coward on Thursday January 27 2022, @07:20AM (#1216088)

        What happened to aristarchus' journal? Has he been banned for good, in the interest of free speech?

        • (Score: -1, Offtopic) by Anonymous Coward on Thursday January 27 2022, @07:25AM

          by Anonymous Coward on Thursday January 27 2022, @07:25AM (#1216091)

          Sure! Mod free speech advocacy as "Troll". SoylentNews has betrayed BuckFeta, for real.

        • (Score: 4, Funny) by janrinok on Thursday January 27 2022, @07:42AM (3 children)

          by janrinok (52) Subscriber Badge on Thursday January 27 2022, @07:42AM (#1216097) Journal

          Don't know - I've just got out of bed. But let's spin it into some dastardly plot before we get any facts, I'm sure somebody will be along posting as AC soon to claim some such nonsense.

          • (Score: 0) by Anonymous Coward on Thursday January 27 2022, @11:44AM (2 children)

            by Anonymous Coward on Thursday January 27 2022, @11:44AM (#1216131)

            Isn't it obvious? MOSSAD used the systemd/polkit bug to infiltrate SN and remove Ari's journal because they were worried he was getting to close to the truth.

            • (Score: 2) by DannyB on Thursday January 27 2022, @03:01PM (1 child)

              by DannyB (5839) Subscriber Badge on Thursday January 27 2022, @03:01PM (#1216170) Journal

              he was getting to close to the truth.

              he was getting two close too the truth.

              FTFY

              His journal seems to be right hear. [soylentnews.org]

              --
              The lower I set my standards the more accomplishments I have.
              • (Score: 0) by Anonymous Coward on Thursday January 27 2022, @05:42PM

                by Anonymous Coward on Thursday January 27 2022, @05:42PM (#1216205)

                I love that you changed the other "to" as well, even though you didn't bold it.

                Bravo good sir.

        • (Score: 0) by Anonymous Coward on Friday January 28 2022, @01:28AM

          by Anonymous Coward on Friday January 28 2022, @01:28AM (#1216352)

          You're lucky we won't.