Interesting article:
https://www.bleepingcomputer.com/news/s ... -released/
https://arstechnica.com/information-tec ... ux-distro/
12 year old bug; root
-
version2013
- Posts: 142
- Joined: Mon Jul 13, 2020 11:30 pm
- Has thanked: 3 times
- Been thanked: 23 times
- Contact:
12 year old bug; root
-
jamesbond
- Posts: 576
- Joined: Tue Aug 11, 2020 3:02 pm
- Location: The Pale Blue Dot
- Has thanked: 86 times
- Been thanked: 306 times
Re: 12 year old bug; root
Thanks @version2013 (I'm still not used to calling you version2013, I still remember you as @greendome 
).
Fatdog64 in all of its versions are not affected because we don't use polkit 
-
ozsouth
- Posts: 1386
- Joined: Sun Jul 12, 2020 2:38 am
- Location: S.E. Australia
- Has thanked: 212 times
- Been thanked: 610 times
Re: 12 year old bug; root
For those of us with standard puppies, the first article contains a temporary mitigation - run in a terminal:
chmod 0755 /usr/bin/pkexec
Removes the setuid bit, so non-root programs cannot escalate to root priviliges.
Anything needing to do that will fail. Use at own risk.
-
wiak
- Posts: 3665
- Joined: Tue Dec 03, 2019 6:10 am
- Location: Packing - big job
- Has thanked: 56 times
- Been thanked: 1026 times
- Contact:
Re: 12 year old bug; root
https://threatpost.com/linux-bug-in-all ... ue/177996/
If there’s one saving grace in this Log4j-esque, déjà vu situation, it’s that PwnKit is a local privilege-escalation vulnerability. “Any vulnerability that gives root access on a Linux system is bad. Fortunately, this vulnerability is a local exploit, which mitigates some risk,” Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, told Threatpost on Wednesday.
I suspect doesn't matter on Puppy since running as root user locally anyway. A local exploit by root user to become root user ... ???
https://www.tinylinux.info/
DOWNLOAD wd_multi for hundreds of 'distros' at your fingertips: viewtopic.php?p=99154#p99154
Αξίζει να μεταφραστεί;