oss-sec mailing list archives
Re: What is the "Grinch" polkit/wheel group issue?
From: Nicolas Vigier <boklm () mars-attacks org>
Date: Wed, 17 Dec 2014 18:24:19 +0100
On Wed, 17 Dec 2014, Marcus Meissner wrote:
Hi, This probably needs a CVE too, or does it have one? https://www.alertlogic.com/blog/dont-let-grinch-steal-christmas/ http://www.pcworld.com/article/2860032/this-linux-grinch-could-put-a-hole-in-your-security-stocking.html Although it seems that the user is in the "wheel" group for this to be exploitable and is hard to specify what actions should be safed by another query or which should not.
This looks like expected behaviour: https://docs.fedoraproject.org/en-US/Fedora/20/html/Installation_Guide/sn-firstboot-systemuser.html "Check the Make this user administrator box if you would like administrative privileges. This will place you in the wheel group, which gives you access to all administrative functions, including installing and updating software, creating and altering configuration files, and administering other users."
Attachment:
_bin
Description:
Current thread:
- What is the "Grinch" polkit/wheel group issue? Marcus Meissner (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Elad Alfassa (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Todd C. Miller (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Nicolas Vigier (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Daniel Kahn Gillmor (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Kurt Seifried (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Grandma Eubanks (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Daniel Micay (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce (Dec 17)