Major Linux PolicyKit security vulnerability uncovered: Pwnkit
Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.
[...] This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true."
[...] Why is it so bad? Let us count the ways:
- Pkexec is installed by default on all major Linux distributions.
- Qualys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
- Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
- An unprivileged local user can exploit this vulnerability to get full root privileges.
- Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
- And, last but not least, it's exploitable even if the polkit daemon itself is not running.
[...] While we know Linux can be attacked, Solaris and other Unix systems may also be vulnerable. We do know, however, that OpenBSD can't be attacked by exploits using this vulnerability.
Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high.
When used correctly, Polkit provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed with root permission.
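A defender-side audit for the issue described above, as an added example that is not part of the article or of the polkit project: it checks whether pkexec carries the setuid bit (the property the summary says the bug depends on), can drop that bit as the temporary mitigation Qualys published, and counts the log messages Qualys reported the exploitation technique leaves in auth logs. The pkexec locations, the default log path and the misspelt "suscipious" variant are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added defensive example (not from the page or the polkit project): audit a host
# for a setuid pkexec and scan an auth log for the traces that Qualys reported
# the exploitation technique leaves behind.

# True (exit 0) when the file carries the setuid bit; POSIX test(1) -u.
pkexec_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}
# Print the first pkexec found in the usual locations (assumed paths); exit 1 if none.
find_pkexec() {
    for p in /usr/bin/pkexec /usr/local/bin/pkexec /bin/pkexec; do
        [ -x "$p" ] && { printf '%s\n' "$p"; return 0; }
    done
    return 1
}
# Count log lines carrying either message Qualys named as a trace of exploitation.
# The regex also accepts the misspelling "suscipious" (assumed to occur in some pkexec builds).
count_pwnkit_traces() {
    grep -E -c 'SHELL variable was not found the /etc/shells file|contains sus(p|c)i(c|p)ious content' "$1" || true
}

# Constructed sample log lines for demonstration: two traces and one unrelated line.
sample_auth_log() {
    printf '%s\n' \
        'Jan 27 19:11:02 host pkexec[4242]: The value for the SHELL variable was not found the /etc/shells file' \
        'Jan 27 19:11:02 host pkexec[4243]: The value for environment variable XAUTHORITY contains suscipious content' \
        'Jan 27 19:11:05 host sshd[99]: Accepted publickey for alice from 10.0.0.5'
}

# Report pkexec's setuid state and the trace count in the given log (default /var/log/auth.log);
# with --fix, remove the setuid bit (Qualys' temporary mitigation; needs root, undone by a patched polkit).
main() {
    log="${2:-/var/log/auth.log}"
    if path=$(find_pkexec); then
        if pkexec_is_setuid "$path"; then
            echo "$path is setuid root: exposed until polkit is patched"
            [ "${1:-}" = "--fix" ] && chmod 0755 "$path" && echo "setuid bit removed from $path"
        else
            echo "$path is not setuid: mitigated"
        fi
    else
        echo "pkexec not found on this host"
    fi
    [ -r "$log" ] && echo "exploitation traces in $log: $(count_pwnkit_traces "$log")"
}
# Run only when invoked with --audit or --fix, so the functions can be sourced elsewhere.
{ [ "${1:-}" = "--audit" ] || [ "${1:-}" = "--fix" ]; } && main "$@"
```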
(Score: 1, Interesting) by Anonymous Coward on Thursday January 27 2022, @07:11PM (4 children)
The issue with using those same tried-and-true tools today is, it involves a non-trivial amount of fucking around on my part to get it all working, if it can be done at all. Whether that is because distribution-maintainers (by this I mean the Canonical's and Red Hat's of the world, the folks who put together 'a distro') have gone out of their way to make it a pain in the ass, or because computer usage patterns and user expectations have changed and the tools have not kept pace, is a question for another thread. Myself, I lean towards the second one. But, to address your point:
Don't misunderstand me, I'm not advocating for a maximum-bling desktop experience; I run a pretty boring setup. My machine boots to a console prompt, same as it has for twenty years. I log in, type startx, and away I go.
But that being said, I do, in the year 2022, have some basic expectations: I expect to be able to shut the machine down from my DE's main menu, using the large and well-labeled 'Shutdown' button. Or reboot it. I expect to be able to suspend or hibernate it. I expect, when I plug a USB drive in, to have it automatically mounted, read-write, to a directory that I as a user have access to. I expect to connect to any wifi network I please, or to change my wired-network IP and other settings as needed. I expect to be able to use the USB-RS232 converter I have, if I plug it in. I expect to add or remove printers, and administer them as needed. And so on.
And I expect all of those things to happen without FUCKING AROUND with entering root passwords, user passwords, dealing with Vista-style 'security' pop-ups, manually editing /etc/sudoers, tweaking udev rules by hand, or any other bullshit. It's a multi-user OS on a single-user machine, not a goddamn mainframe.
It needs. To Just. Work.
And making that happen using sudo, su, groups and so on, reliably and repeatably, by default for any user who installs the distro, is apparently a massive headache and/or nigh impossible using the tools of yore, because shit like PolicyKit, ConsoleKit, and SystemD didn't just spring into being overnight for no reason whatsoever. Somebody, somewhere, saw a need that wasn't being addressed, and dealt with it.
And now we're stuck with that new garbage, on top of the old, somewhat-less garbage.
And on top of that, at least in my case with a polkit:yes/systemd:no Gentoo install, it still rarely Just Works.
Sucks, don't it?
Rant over. Posted AC so I don't get reply alerts, I don't give a damn what anyone else thinks on the topic.
(Score: 1, Troll) by FatPhil on Thursday January 27 2022, @08:51PM (3 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday January 28 2022, @01:34AM
Windows 95 then?
(Score: 0) by Anonymous Coward on Saturday January 29 2022, @06:02AM (1 child)
I think you misunderstood the point. A multi-user OS installed on what is effectively a single-user machine changes the dynamics considerably. The owner of the machine has physical access to the hardware. Complete control, of everything. Including the root password, and root account.
Isn't it reasonable to expect the OS to have a tier of user between 'root' and 'unprivileged', that is a lot closer to 'root', for that scenario?
(Score: 2) by FatPhil on Wednesday February 02 2022, @09:51AM