Economy

A bug lurking for 12 years gives attackers root on every major Linux distro

Enlarge (credit: Getty Images)

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if the app is hacked or malicious or if a user isn’t trusted to have administrative control of a network.

Read 8 remaining paragraphs | Comments

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close
Close