Hacker News new | past | comments | ask | show | jobs | submit login
Privilege escalation with polkit: How to get root on Linux with a seven-year-ol (github.blog)
100 points by todsacerdoti 2 days ago | hide | past | favorite | 11 comments





Polkit version 0.119 fixes it, here's the diff: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13...

My first guess was defaulting the uid to -1 lol. But yeah that works too.

> It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.

I can't help imagining a distro developer looking out at systemd across a lava field and saying:

"You were the chosen one! It was said that you would destroy the badly designed legacy components, not join them!"


Take a look at the bug. It’s polkit defaulting to 0 if dbus is down for the UID. A terrible but understandable default. It has absolutely nothing to do with the systemd structure other than being a component with a bug.

Defaulting to root UID is not an understandable default.

Systemd requiring polkit is a valid issue.


Defaulting an int to 0 is understandable. Defaulting a uid to 0 is terrible (if you reread my response that’s what I said)

The quoted statement is not entirely accurate, polkit is compile-time optional in systemd. Though most distributions will use it because it's an enhancement over the even older sudo-type authentication mechanisms.

Title doesn't quite fit, how about this instead?

"Privilege escalation with polkit: Rooting Linux with a 7-year-old bug"


The versioning scheme of `pkexec` in Debian based Linuxes leaves a little to be desired.. `pkexec --version` in Debian 10 and Ubuntu 20 (server/minimal) both report `0.105` but according to the article it's fine for `0.105-25` (Debian 10) and vulnerable in `0.105-26` (Ubuntu >18).. but you can't find out from the CLI.

The self-reported version from `pkexec` could definitely be clearer. Instead I checked the versions of the installed packages using `dpkg -l | grep -i polkit`. On an up-to-date Ubuntu 20.04 desktop I see `0.105-26ubuntu1.1`.

I simply love this kind of articles and writing style!



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: