Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Related Vulnerabilities: CVE-2021-4034  
                							

oss-sec
mailing list archives
From: Chris Boot <lists () bootc boo tc>

Date: Thu, 27 Jan 2022 12:16:28 +0000

On 26/01/2022 14:11, Erik Auerswald wrote:
> Hi,
>
> On Wed, Jan 26, 2022 at 02:34:26PM +0200, Henri Salo wrote:
>> On Wed, Jan 26, 2022 at 12:18:07PM +0100, Roman Medina-Heigl Hernandez wrote:
>>> PS: Untested because my Debian machine doesn't contain pkexec,
>>> even though Qualys' advisory says it is by default on Debian.
>>
>> We had discussion off-list with Roman and this is the case only when
>> Debian is updated from previous release to bullseye. In clean installs
>> pkexec is installed.
>
> I think this depends on how Debian is installed (e.g., keeping installer
> defaults for a desktop system, or using a custom package selection).
>
> The "policykit-1" containing pkexec is "optional" and thus not present
> in all Debian installations:
>
>      $ lsb_release -d ; apt-cache show policykit-1 | grep Priority
>      Description:    Debian GNU/Linux 10 (buster)
>      Priority: optional
>      Priority: optional
>
>      $ lsb_release -d ; apt-cache show policykit-1 | grep Priority
>      Description:       Debian GNU/Linux 11 (bullseye)
>      Priority: optional
>      Priority: optional

It's not as simple as this, and also depends on a lot of factors.

If you have a graphical desktop environment installed, or a wifi card, 
you will almost certainly have policykit-1 and pkexec. If you have a 
GUI-less system it's less likely that you'll have it.

With that said, lots of different packages Recommend or Depend on 
policykit-1, including: firewalld, libvirt, NetworkManager, tuned, and 
realmd. It's also "suggested" by systemd and isc-dhcp-server, so there 
are reasons to have it even if you have nothing otherwise graphical 
installed.

It's effectively an alternative to sudo. If you have it installed and 
you try to e.g. 'systemctl restart $unit' without sudo / having a root 
shell, systemd will use polkit to try to elevate and let you do it.

Cheers,
Chris

--
Chris Boot
bootc () boo tc
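
Added example, not part of the message above or of the thread: a shell filter that reports which installed packages name policykit-1 in their Depends, Recommends or Suggests fields, so an administrator can see why pkexec is present on a host. The function names, the `demo-*` packages and their relations are constructed for illustration; the `dpkg-query` invocation assumes a Debian-style system.

```shell
#!/bin/sh
# Added example: explain why policykit-1 (and so pkexec) is on a Debian host.

# Print "<relation> <package>" for each input line whose Depends, Recommends
# or Suggests field names exactly the package in $1 (default policykit-1).
# Input: package<TAB>depends<TAB>recommends<TAB>suggests, one package per line.
pulled_in_by() {
    awk -F '\t' -v pkg="${1:-policykit-1}" '
    function names(field,    n, i, parts, p) {
        n = split(field, parts, /[,|]/)      # "a, b | c" -> a, b, c
        for (i = 1; i <= n; i++) {
            p = parts[i]
            sub(/\(.*/, "", p)               # drop "(>= version)"
            sub(/:.*/, "", p)                # drop ":any" arch qualifier
            gsub(/[ \t]/, "", p)
            if (p == pkg) return 1           # exact name, not a prefix
        }
        return 0
    }
    names($2) { print "depends", $1; next }
    names($3) { print "recommends", $1; next }
    names($4) { print "suggests", $1 }'
}

# Constructed sample in the same layout; the relations are illustrative,
# not copied from real Debian package metadata.
sample_packages() {
    printf 'demo-firewall\tpython3, policykit-1 (>= 0.105)\t\t\n'
    printf 'demo-netmgr\tlibc6 (>= 2.28)\tpolicykit-1 | demo-auth\t\n'
    printf 'demo-init\tlibc6\t\tpolicykit-1:any\n'
    printf 'demo-desktop\tpolicykit-1-gnome\t\t\n'
}

# On a live Debian system, feed the real package database to the same filter;
# elsewhere, fall back to the constructed sample.
if command -v dpkg-query >/dev/null 2>&1; then
    command -v pkexec >/dev/null 2>&1 && echo "pkexec: $(command -v pkexec)"
    dpkg-query -W --showformat='${Package}\t${Depends}\t${Recommends}\t${Suggests}\n' \
        | pulled_in_by policykit-1 || true
else
    sample_packages | pulled_in_by policykit-1
fi
```

A "depends" line means the package cannot stay installed without policykit-1, while "recommends" and "suggests" lines mark relations that do not force it to stay installed.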
