Pkexec Exploit Gives Attackers Root on Major Linux Distros

  • Thread starter Thread starter jim mcnamara
  • Start date Start date
  • Tags Tags
    Linux
Join the discussion
Ask a follow-up here, or get your own question answered by working scientists, mathematicians and engineers — people, not an autocomplete.
Real named experts · corrections over time · the nuance an AI answer skips
5 replies · 1K views
Messages
4,789
Reaction score
3,854
TL;DR
A commonly used linux command, pkexec, has a serious flaw that lets unprivileged users run commands as root..
Reply
  • Informative
Likes   Reactions: jack action and berkeman
Physics news on Phys.org
PeterDonis said:
It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:
https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/ said:
Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.
 
Reply
  • Haha
Likes   Reactions: Borg
My linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.
 
jim mcnamara said:
WSL Ubuntu shows the problem.
You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.
 
Reply
  • Like
Likes   Reactions: jim mcnamara