• Please review our updated Terms and Rules here

New Linux Kernal Issue

Agent Orange

Veteran Member
Joined
Sep 24, 2008
Messages
6,612
Location
SE MI
Just passing this on as it was headlined in today's Kommersant. May be old news, don't know. A fix is supposedly on the way.

American cloud cybersecurity provider Qualys has discovered a vulnerability in Linux called PwnKit, according to a company report published on January 25. The vulnerability allows any user to gain full administrator privileges on the system - so easy that Qualys calls it "an attacker's dream."
 
I think he means can it be set up only locally (as in at the machine) or remotely?
 
If your system doesn't have pkexec on it, don't sweat it (not all systems do).
In fact, the issue was discovered in 2013. Nobody thought to issue a fix for pkexec, even though it was specifically called out 9 years ago.
 
Why a system for controlling privilege needs to be able to launch other programs escapes me, let alone upgrading those launches to root.
It's a matter of convenience. When mounting something like a USB flash device, you can either issue a "sudo mount ..." command yourself or let polkit do it (it will request a password) automatically.
 
Back
Top