Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday January 27 2022, @04:34AM   Printer-friendly

Major Linux PolicyKit security vulnerability uncovered: Pwnkit:

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.

[...] This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true."

[...] Why is it so bad? Let us count the ways:

  • Pkexec is installed by default on all major Linux distributions.
  • Qualys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
  • Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
  • An unprivileged local user can exploit this vulnerability to get full root privileges.
  • Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
  • And, last but not least, it's exploitable even if the polkit daemon itself is not running.

[...] While we know Linux can be attacked, Solaris and other Unix systems may also be vulnerable. We do know, however, that OpenBSD can't be attacked by exploits using this vulnerability.

Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high.

When used correctly, Polkit provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed with root permission.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Troll) by FatPhil on Thursday January 27 2022, @08:51PM (3 children)

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday January 27 2022, @08:51PM (#1216282) Homepage
    Please get a single-user operating system. A multi-user OS like Unix is too advanced for you.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Friday January 28 2022, @01:34AM

    by Anonymous Coward on Friday January 28 2022, @01:34AM (#1216355)

    Windows 95 then?

  • (Score: 0) by Anonymous Coward on Saturday January 29 2022, @06:02AM (1 child)

    by Anonymous Coward on Saturday January 29 2022, @06:02AM (#1216633)

    I think you misunderstood the point. A multi-user OS installed on what is effectively a single-user machine, changes the dynamics considerably. The owner of the machine has physical access to the hardware. Complete control, of everything. Including the root password, and root account.

    Isn't it reasonable to expect the OS to have a tier of user between 'root' and 'unprivileged', that is a lot closer to 'root', for that scenario?

    • (Score: 2) by FatPhil on Wednesday February 02 2022, @09:51AM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday February 02 2022, @09:51AM (#1217954) Homepage
      You appear to have forgotten that networking exists. People might be relying on access to your machine remotely. File shares, web server, irc bouncer, who knows. There's plenty more types of access to a machine than just sitting at the keyboard.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves