oss-sec mailing list archives
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
From: Erik Auerswald <auerswal () unix-ag uni-kl de>
Date: Wed, 26 Jan 2022 15:11:21 +0100
Hi,

On Wed, Jan 26, 2022 at 02:34:26PM +0200, Henri Salo wrote:
> On Wed, Jan 26, 2022 at 12:18:07PM +0100, Roman Medina-Heigl Hernandez wrote:
> > PS: Untested because my Debian machine doesn't contain pkexec, even though
> > Qualys' advisory says it is by default on Debian.
>
> We had discussion off-list with Roman and this is the case only when Debian is
> updated from previous release to bullseye. In clean installs pkexec is installed.

I think this depends on how Debian is installed (e.g., keeping installer
defaults for a desktop system, or using a custom package selection).
The "policykit-1" package containing pkexec is "optional" and thus not present
in all Debian installations:

$ lsb_release -d ; apt-cache show policykit-1 | grep Priority
Description: Debian GNU/Linux 10 (buster)
Priority: optional
Priority: optional

$ lsb_release -d ; apt-cache show policykit-1 | grep Priority
Description: Debian GNU/Linux 11 (bullseye)
Priority: optional
Priority: optional

Best regards,
Erik
