Local privilege escalation vulnerability in polkit's pkexec
The permissions themselves do not indicate vulnerability; changing the permissions is a workaround for those that cannot update to v0.120 of Polkit.
Security updates were released by major distros on 25th January (last Tuesday) - as an Arch user you just need to update as normal to receive the patched version of Polkit, and not worry about permissions.
The workaround is more for people who either cannot update (for whatever reason), or who might be using distros with unique repos but without security teams/advisories (which therefore might take longer to receive the patch).
I run updates daily (just once daily) and by the time I read about the issue with polkit I was already running the fixed version. (I run Manjaro.)
ARCH updated before Manjaro, so pure ARCH based distributions should have been safe first IF UPDATED.
From what I can tell all pure DEBIAN based distributions (say Sparky and VSIDO) should also have been patched before the word even got out widely about the vulnerability.
Is a one-liner to test if you're still vulnerable. It downloads C code that exploits the policykit bug, compiles it and runs it.
When vulnerable, running it gives you a root shell prompt; asking it whoami, you get root as the response, as shown in the screenshot.
When not vulnerable, running it does not give you a shell prompt at all.
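A read-only way to check whether the permissions workaround discussed above is in place, without downloading or running exploit code. This is an added example, not part of the original thread. It assumes the workaround meant is clearing the setuid bit on pkexec and that the binary lives at `/usr/bin/pkexec`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): inspect file modes only.
# Nothing from the target path is executed.

# Print "missing", "setuid" or "no-setuid" for one path.
pkexec_suid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then
        echo "setuid"
    else
        echo "no-setuid"
    fi
}

# Print one "<state> <path>" line per candidate path.
# Returns 1 if any candidate still has the setuid bit, 0 otherwise.
audit_pkexec() {
    rc=0
    for p in "$@"; do
        state=$(pkexec_suid_state "$p")
        echo "$state $p"
        if [ "$state" = "setuid" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Default path is an assumption; pass another path as the first argument.
# A patched pkexec is still setuid, so "setuid" only means the workaround
# is not applied; the installed polkit package version decides the rest.
audit_pkexec "${1:-/usr/bin/pkexec}" ||
    echo "setuid bit present: confirm the patched polkit package is installed"
```

A "setuid" result matches the first post's point: the permissions alone do not show whether the system is vulnerable, so compare the installed polkit package against the distro's security advisory.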