Linux Polkit Privilege Vulnerability Can Be Exploited to Get Root Shell
A fix is available for a privilege elevation vulnerability in the polkit system service that is installed by default on many Linux systems. The flaw was introduced in a commit seven years ago, shipping with polkit v. 0.113. The researcher who discovered the flaw says it “is surprisingly easy to exploit.” The fix was released on June 3, 2021.
Check your Linux distributions for applicability; this applies to RHEL 8, Fedora 21 (or later), Debian “Bullseye,” and Ubuntu 20.04, among others. Think of Polkit as an alternative to sudo, where some commands require explicit permission and others are simply executed. Exploiting the weakness, which uses simple commands, requires interrupting the command at the right point to trigger the vulnerable code. The mitigation is to patch the affected systems now, particularly any internet-facing Linux systems.
systemd is further confirming its reputation as a security nightmare. But remember that Polkit replaces sudo, which in itself has had a spotty history. It isn't easy to allow for the flexible assignment of elevated privileges. Update as your Linux distribution makes updates available.
Read more in:
GitHub: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
The Register: Seven-year-old make-me-root bug in Linux service polkit patched
Bleeping Computer: Linux system service bug lets you get root on most modern distros
The Hacker News: 7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access