A bug lurking for 12 years gives attackers root on every major Linux distro

by Dan Goodin, from Ars Technica

Linux users on Tuesday got a major dose of bad news: a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if a user isn't trusted to have administrative control of a network or if the app is hacked or malicious.
