A bug lurking for 12 years gives attackers root on every major Linux distro

Dan Goodin

from Ars Technica - All content on 2022-01-26 01:55 (#5VDTZ)

Linux users on Tuesday got a major dose of bad news-a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if a user isn't trusted to have administrative control of a network or if the app is hacked or malicious.

Read 9 remaining paragraphs | Comments

index?i=DoyGGTU0rYc:vJK6HJsCaoM:V_sGLiPB

index?i=DoyGGTU0rYc:vJK6HJsCaoM:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/