• Please review our updated Terms and Rules here
  • Exhibitor application for VCF West 2022 is now open! If you are interested in exhibiting, please fill out the form here.
  • Here are the results of the VCF East 2022 Post Event Survey: Survey Results

New Linux Kernal Issue

Agent Orange

Veteran Member
Joined
Sep 24, 2008
Messages
6,069
Location
SE MI
Just passing this on as it was headlined in today's Kommersant. May be old news, don't know. A fix is supposedly on the way.

American cloud cybersecurity provider Qualys has discovered a vulnerability in Linux called PwnKit, according to a company report published on January 25. The vulnerability allows any user to gain full administrator privileges on the system - so easy that Qualys calls it "an attacker's dream."
 

tradde

Veteran Member
Joined
Apr 30, 2003
Messages
1,262
Location
Katy, Tx
I think he means can it be set up only locally (as in at the machine) or remotely?
 

Chuck(G)

25k Member
Joined
Jan 11, 2007
Messages
38,863
Location
Pacific Northwest, USA
If your system doesn't have pkexec on it, don't sweat it (not all systems do).
In fact, the issue was discovered in 2013. Nobody thought to issue a fix for pkexec, even though it was specifically called out 9 years ago.
 

Chuck(G)

25k Member
Joined
Jan 11, 2007
Messages
38,863
Location
Pacific Northwest, USA
Why a system for controlling privilege needs to be able to launch other programs escapes me, let alone upgrading those launches to root.
It's a matter of convenience. When mounting something like a USB flash device, you can either issue a "sudo mount ..." command yourself or let polkit do it (it will request a password) automatically.
 
Top