pkexec vs kernel -- root to anyone who asks nicely


Pavel Machek
 

Hi!

There's a security problem in pkexec vs. kernel interaction. Impact is
local root. If you want to get root on someone else's system, it
should be easy right now. It is fixed in 5.18, 5.10.120, and latest
4.9 and 4.19 kernels.

Do you have untrusted users on your system and you need pkexec?

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Jan Kiszka
 

On 06.06.22 19:57, Pavel Machek wrote:
> Hi!
>
> There's a security problem in pkexec vs. kernel interaction. Impact is
> local root. If you want to get root on someone else's system, it
> should be easy right now. It is fixed in 5.18, 5.10.120, and latest
> 4.9 and 4.19 kernels.
>
> Do you have untrusted users on your system and you need pkexec?

Is that https://nvd.nist.gov/vuln/detail/cve-2021-4034, and does that
relate to "This vulnerability has been modified and is currently
undergoing reanalysis."? Or is it something else?

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Pavel Machek
 

Hi!

> > There's a security problem in pkexec vs. kernel interaction. Impact is
> > local root. If you want to get root on someone else's system, it
> > should be easy right now. It is fixed in 5.18, 5.10.120, and latest
> > 4.9 and 4.19 kernels.
> >
> > Do you have untrusted users on your system and you need pkexec?
>
> Is that https://nvd.nist.gov/vuln/detail/cve-2021-4034, and does that
> relate to "This vulnerability has been modified and is currently
> undergoing reanalysis."? Or is it something else?

Yes, it is the same thing... see dcd46d897adb70d63e025f175a00a89797d31a43
and https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt .

Pkexec is gnome-related, so should not be too usual on embedded
systems, and you should not really have untrusted users on your
embedded system, either.

But if someone has them and is using pkexec, we may need to do extra
updates.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
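
A triage check for the question raised in this thread, added here as an example and not part of the original messages: it reports whether pkexec is installed setuid root and whether the running kernel is at one of the fixed versions the thread names. The function names are hypothetical; the 4.9 and 4.19 branches, for which the thread gives no version number, and any branch the thread does not mention are reported as "check" rather than guessed.

```shell
#!/bin/sh
# Constructed triage helper; fixed-version data is taken only from the thread
# (5.18 and 5.10.120).

# kernel_status RELEASE -> prints fixed | unfixed | check
kernel_status() {
    rel=${1%%[!0-9.]*}                 # "5.10.120-cip1" -> "5.10.120"
    old_ifs=$IFS; IFS=.
    set -- $rel                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 18 ]; }; then
        echo fixed                     # 5.18 and every later mainline release
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 10 ]; then
        if [ "$patch" -ge 120 ]; then echo fixed; else echo unfixed; fi
    else
        echo check                     # 4.9, 4.19 and branches the thread does not name
    fi
}

# setuid_root FILE -> exit status 0 when FILE has the setuid bit and is owned by uid 0
setuid_root() {
    [ -u "$1" ] || return 1
    owner=$(ls -Lldn "$1" | awk '{print $3}')
    [ "$owner" = "0" ]
}

# Report both halves of the question: is pkexec exposed, is the kernel fixed?
triage() {
    pk=$(command -v pkexec 2>/dev/null || true)
    k=$(uname -r)
    if [ -n "$pk" ] && setuid_root "$pk"; then
        echo "pkexec: setuid root at $pk"
    else
        echo "pkexec: not installed or not setuid root"
    fi
    echo "kernel $k: $(kernel_status "$k")"
}

triage
```

A "check" result means the branch's stable changelog has to be searched for the commit Pavel cites.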