Pkexec - linux exploit

[jim mcnamara]

TL;DR Summary

A commonly used linux command, pkexec, has a serious flaw that lets unprivileged users run commands as root..

https://arstechnica.com/information...s-attackers-root-on-every-major-linux-distro/

It's easier for PF members to get some details from the link. I'm sure fixes will start to show up soon.

.

 

[PeterDonis]

It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683

 

[jack action]

It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:

Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.

 

[PeterDonis]

My Ubuntu machines have had the polkit fix pushed:

https://ubuntu.com/security/CVE-2021-4034

 

[jim mcnamara]

My linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.

 

[PeterDonis]

WSL Ubuntu shows the problem.

You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.