By Steven J. Vaughan-Nichols

Nasty Linux systemd root level security bug revealed and patched


By Steven J. Vaughan-Nichols for Linux and Open Source | June 16, 2021 -- 11:41 GMT (04:41 PDT) | Topic: Security

The good news is that the seven-year-old security bug in Linux systemd's polkit, used in many Linux distros, has been patched. The bad news is that it was ever there in the first place. Polkit, which systemd uses in place of sudo, enables unauthorized users to run privileged processes they otherwise couldn't run. It turned out that you could also abuse polkit to get root access to a system.

The power to grab root privileges is the ultimate evil in Unix and Linux systems. Kevin Backhouse, a member of the GitHub Security Lab, found the polkit security hole in the course of his duties. He revealed it to the polkit maintainers and Red Hat's security team. Then, when a fix was released on June 3, 2021, it was publicly disclosed as CVE-2021-3560.
