Ars Technica Icon Ars Technica

A bug lurking for 12 years gives attackers root on every major Linux distro  ↦

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Oh my. It requires local access first, which is the only good news here.


Discussion

Sign in or Join to comment or subscribe

0:00 / 0:00