Polkit exploit?

[DrPeril]

Hey all,

Just saw this on Ars. At the office atm, so I can't do much in the way of looking into it, but I thought I'd post and see if anyone else has any info about the exploit, and/or, if we need to worry about it with internet-exposed Dockers?

 

https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

 

Thanks~

[Squid]

pkexec doesn't exist in the standard OS itself, and the nice thing about containers is that you'd be pretty much safe since only files / folders you've given them access to would be able to take advantage of

 

Besides, this exploit is about running a particular dangerous command to then provide root level access for another non-root user.  In order to take advantage of this exploit, any hacker would first have to take advantage of another (or multiple) exploits in order to actually run a command in the first place.

 

All in all, you're probably safe, and most of the authors of the containers regularly update their containers to take advantage of any security updates.

[devnet]

As an FYI to anyone out there who has pkexec/polkit installed on their distribution of linux (perhaps in a VM) that hasn't been patched that has multiple users that you don't know/trust, you can fix the SUID-bit to prevent the exploit by chmod of the file:

 

 

chmod 0755 /usr/bin/pkexec

 

This prevents it from running as root when executed by a non-privileged user.