As much as Lennart would like them to be, systemd and polkit are not "Linux kernel"
Seven-year-old make-me-root bug in Linux service polkit patched
A seven-year-old privilege escalation vulnerability that's been lurking in several Linux distributions was patched last week in a coordinated disclosure. In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit associated with systemd, a …
COMMENTS
Friday 11th June 2021 07:14 GMT Kettle3D
This is true. But when most people these days refer to 'Linux' they are talking about the bulk of GNU/Linux distributions, and even in some cases FreeBSD.
It's like how you 'Google' something on Bing, or, increasingly commonly, call a Windows laptop a 'chromebook' and an ODT document a 'Word document'. Doesn't matter if you made it in LibreOffice or OpenOffice or Google Docs or manually wrote it in Notepad.
Sunday 13th June 2021 05:08 GMT David 132
Re: Kernel
I got temporarily sorta-banned (read: every one of my comments was flagged for manual review before it would post) several months ago, on the grounds that I'd posted a correction in a comment thread rather than use the corrections@ email link.
The annoying thing was that my "offending" post wasn't actually a correction - it was a (weak, admittedly) joke along the lines of "hey El Reg, this article's headline says Office 365, shouldn't it actually say Office 359-and-a-half-and-decreasing?"
I'm not bitter, cos I got reinstated after I politely explained the situation.
But yeah, use the corrections@ email link. To err is human, and no-one likes having their flubs called out in public, Vultures least of all.
Sunday 13th June 2021 17:30 GMT jake
Not a virus. A cancer. (was: Re: Systemd is a Virus)
Consider: systemd takes root in its host, eats massive quantities of resources as it grows, spreads unchecked into areas unrelated to the initial infection, and refuses to die unless physically removed from the system, all the while doing absolutely nothing of benefit to the host. That sounds an awful lot like a cancer to me ...
So do what I do and call it the systemd-cancer. Short, descriptive, accurate, has been known to scare management/moneybags away from distributions containing it ... what's not to like?
Friday 11th June 2021 14:59 GMT William Towle
Pictures something not unlike xkcd...
"Make me a sandwich"
"...Shan't"
"Seven-year-old make me a sandwich"
"...Okay <holds bread out> you're a sandwich"
Sunday 13th June 2021 22:02 GMT jake
Traditionally ...
... 0.1x wouldn't even be Alpha or Beta, it would be Internal, or perhaps Pilot build (0.96 was the traditional last Pilot Build number, indicating an 0.98 or 0.99 Beta was about to be released ... I do not ever remember seeing an 0.97, but I saw a few 0.96a, 0.96b and 0.96c).
However, that numbering scheme went away a long time ago. Today, the numbers only have meaning within the context of the individual program's release cycle and are at the whim of the lead developer.
RTFM. Live it, love it, make it your mantra.
Friday 11th June 2021 17:05 GMT Anonymous Coward
I do wish that after things like this are detected, someone with a sufficiently suspicious mind went back through the commit logs to see who did it, what they were working on at the time, whether such a bug was reasonable for a developer of that level, etc. Come on, boffins, let's get this sorted.
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 <-- that commit fixes it
So who added "if (out_uid) *out_uid = data.uid;"? "If you send me an out_uid pointer I'll fill it up with the uid ... OOPS, I forgot to handle the error." Yeah, very likely.
Friday 11th June 2021 17:24 GMT Anonymous Coward
It was Colin Walters 7 years ago. It seems very strange he would write "while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))" and thus be aware of the ability of there to be an error, which data.caught_error indicates, since he explicitly uses it to terminate the while loop. And then in the very next line, ignores that? What else has he committed?
Friday 11th June 2021 17:48 GMT Anonymous Coward
His commit note (bfa5036bfb93582c5a87c44b847957479d911e38) says:
For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future.
So he checked in a bit of code, that wasn't used anywhere else in the codebase (yet) that inexplicably ignores an error case (that he was aware of in the line before) and sets uid to 0. Lol.
This is if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) all over again
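The error-handling pattern the commenters above are picking apart, reduced to a small model. This is added illustration, not polkit's code or the linked commit: the struct fields echo the loop quoted in the thread, while simulate_bus_lookup, get_creds_unchecked, get_creds_checked and the probe helpers are constructed stand-ins. The point it makes concrete is that a zero-initialised uid field, copied out after caught_error terminated the loop, reads as root to the caller.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of the async lookup state; field names follow the loop quoted in the thread. */
typedef struct {
    bool retrieved_uid;
    bool retrieved_pid;
    bool caught_error;
    uid_t uid;   /* zero-initialised: uid 0 is root, so "unset" and "root" are indistinguishable */
    pid_t pid;
} lookup_data;

/* Stand-in for the bus round trip: when fail is set the bus answers with an error, not credentials. */
static void simulate_bus_lookup(lookup_data *d, bool fail) {
    if (fail) { d->caught_error = true; return; }
    d->retrieved_uid = true; d->uid = 1000;   /* constructed sample values */
    d->retrieved_pid = true; d->pid = 4242;
}

/* Vulnerable shape: the loop exits on caught_error, but the uid is copied out regardless. */
static bool get_creds_unchecked(bool fail, uid_t *out_uid) {
    lookup_data data = {0};
    while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
        simulate_bus_lookup(&data, fail);
    if (out_uid) *out_uid = data.uid;          /* on error this hands back 0 */
    return true;
}

/* Hardened shape: report failure unless both values were actually retrieved. */
static bool get_creds_checked(bool fail, uid_t *out_uid) {
    lookup_data data = {0};
    while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
        simulate_bus_lookup(&data, fail);
    if (data.caught_error || !data.retrieved_uid || !data.retrieved_pid)
        return false;                          /* caller must treat this as "identity unknown" */
    if (out_uid) *out_uid = data.uid;
    return true;
}

/* Probe helpers: what each variant hands back; (uid_t)-1 means the checked variant refused. */
static uid_t probe_unchecked(bool fail) { uid_t u = 99; get_creds_unchecked(fail, &u); return u; }
static uid_t probe_checked(bool fail)   { uid_t u = 99; return get_creds_checked(fail, &u) ? u : (uid_t)-1; }

int main(void) {
    printf("unchecked, bus error : uid %u\n", (unsigned)probe_unchecked(true));   /* 0, i.e. root */
    printf("checked,   bus error : %s\n", probe_checked(true) == (uid_t)-1 ? "refused" : "uid returned");
    printf("checked,   success   : uid %u\n", (unsigned)probe_checked(false));
    return 0;
}
```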
Friday 11th June 2021 18:43 GMT Gene Cash
Ease of updating
I did an "apt update;apt dist-upgrade" and my system was patched before I finished the article. I wish Windows and Oracle were so easy.
policykit-1 (0.105-31) unstable; urgency=medium [ Salvatore Bonaccorso ]
* d/p/CVE-2021-3560.patch: Fix local privilege escalation involving polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) (Closes: #989429)
-- Simon McVittie <smcv@debian.org> Thu, 03 Jun 2021 17:06:34 +0100
Friday 11th June 2021 19:26 GMT AJ MacLeod
One of the many advantages of Gentoo
in my /etc/portage/package.mask
#Kill Poettering's evil infections
sys-apps/systemd
sys-fs/udev
sys-auth/consolekit
sys-auth/polkit
sys-fs/udisks
A few years ago I had to "get involved" with polkit on a different system and the experience made me determined to rid all my own systems of it.
Saturday 12th June 2021 19:41 GMT Anonymous Coward
Re: One of the many advantages of Gentoo
The sad thing is when software is so deeply coded to use these "helper" services, that the FreeBSD ports have to use them too.
I refuse to install anything that requires alsa/polkit/pulseaudio/any-other-sound-server/udev/udisks etc. or related shims which are designed to work around inadequacies in Linux/GNU that don't affect FreeBSD.
Tuesday 15th June 2021 09:12 GMT Will Godfrey
Re: One of the many advantages of Gentoo
The way I deal with PulseAudio is to delete the server, but leave the client alone. That way all the desktop stuff that thinks it is essential and that you want to hear random notify sounds in the middle of your fave music still talks to the client, which then has nowhere to send it :)