r3pek
/
CVE-2021-4034
mirror of https://github.com/arthepsy/CVE-2021-4034
1
0
Fork 0
Code Releases Activity

Merge c36cf71f95 into 0e48795ab0

Browse Source
pull/6/merge
The Watcher 2 years ago committed by GitHub
parent 0e48795ab0 c36cf71f95
commit abc847924f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 20
      README.md

20
README.md
Unescape View File

@ -30,3 +30,23 @@ sh-4.2# id
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.2# exit
```
## About Polkit pkexec for Linux
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
# Mitigation
If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation.
```bash
# chmod 0755 /usr/bin/pkexec
```
The exploit then will fail complaining that `pkexec` must have the
setuid bit enabled.
```bash
xd@The-Watcher:~$ sudo chmod 0755 /usr/bin/pkexec
xd@The-Watcher:~$ ./cve-2021-4034
GLib: Cannot convert message: Could not open converter from “UTF-8” to “PWNKIT”
pkexec must be setuid root
```

Write Preview
Loading…
Cancel
Save