- cross-posted to:
- linux@programming.dev
It’s an LPE, and doesn’t allow full root access to anyone who isn’t already a user.
Are you saying LPEs aren’t a security hazard?
Nope. Just pointing out an alarmist headline.
Ah. Yah, well, I just went with the article’s own headline since so many comms insist on that.
Yup. It wasn’t a criticism of you.
I know, they need the clickbait title for the click money, but yeah, as usual, I’m mostly shrugging this off.
By chaining legitimate services such as udisks loop-mounts and PAM/environment quirks, attackers who own any active GUI or SSH session can vault across polkit’s allow_active trust zone and emerge as root in seconds.
I recognize a few of those words.
Basically it’s two vulns chained; first one gives a remote user privileges that a physically present user would get, in order to do things like put a thumbdrive in and have it mount. Then that udisks privilege can be subverted to escalate that level to root. So as long as you can start a remote session, you can pull root and it doesn’t even look that hard.
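An added example, not part of any comment in this thread: one way to see where the "active session" trust zone described above sits on a machine is to list polkit actions whose implicit default is `allow_active` = `yes` while other sessions must authenticate. The sample policy and its `org.example.*` action ids are constructed for illustration; the scan path is polkit's usual action directory.

```python
import glob
import xml.etree.ElementTree as ET

# Constructed sample in polkit's .policy XML format (not taken from a real system).
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.disks.loop-setup">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.disks.format">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.disks.read-info">
    <defaults><allow_any>yes</allow_any><allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active></defaults>
  </action>
</policyconfig>"""

TAGS = ("allow_any", "allow_inactive", "allow_active")

def implicit_defaults(policy_xml):
    """Map each action id to its (allow_any, allow_inactive, allow_active) values."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        values = []
        for tag in TAGS:
            text = action.findtext(f"defaults/{tag}")
            # Assumption of this example: a missing element is treated as "no".
            values.append(text.strip() if text and text.strip() else "no")
        result[action.get("id")] = tuple(values)
    return result

def active_only_grants(policy_xml):
    """Action ids granted without a prompt to active sessions but not to every session."""
    return sorted(aid for aid, (any_, inactive, active) in implicit_defaults(policy_xml).items()
                  if active == "yes" and (any_ != "yes" or inactive != "yes"))

if __name__ == "__main__":
    for path in sorted(glob.glob("/usr/share/polkit-1/actions/*.policy")):
        try:
            with open(path, "rb") as fh:
                for aid in active_only_grants(fh.read()):
                    print(f"{path}: {aid}")
        except ET.ParseError as exc:
            print(f"{path}: unparseable ({exc})")
```

Local rules under polkit's rules directories can override these implicit defaults, so the output is a starting inventory rather than the effective policy.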
So how would a bad actor start a remote session on my Linux pc?
Edited to add, downvoted for trying to learn is a new one for me.
They probably cannot. Unless you’ve set up your router such that anyone can connect to an ssh instance running on your PC, and then also use a bad password. Public wifi + having something like ssh running + having a bad password.
Your PC probably doesn’t satisfy these requirements (yay!), but some servers might.
I do run some servers, but use robust passwords.
While this is a risk, it is only a real risk if the system is already exploited for regular user access. Or if there is an untrustworthy user of the system. So for most, it is not a major concern.
Or ditch udisks in favour of pmount (or udevil?), which shouldn’t be affected as far as I can tell. That will get you a few months’ grace before a similar problem pops up there.
Can this be used to root Android phones?
If yes, it can be useful. If not, it’s potentially problematic.