Ars Technica

A bug lurking for 12 years gives attackers root on every major Linux distro

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Oh my. It requires local access first, which is the only good news here.

