Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Report Bugs, Issues and non- pacakage Requests
Post Reply
Message
Author
User avatar
colin_b
Forum Regular
Forum Regular
Posts: 419
Joined: Sun Mar 19, 2017 7:21 pm

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#1 Post by colin_b » Thu Dec 06, 2018 1:19 pm

https://thehackernews.com/2018/12/linux ... cykit.html

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability.

The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process.

The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS.

User avatar
asqwerth
Forum Veteran
Forum Veteran
Posts: 3679
Joined: Sun May 27, 2007 5:37 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#2 Post by asqwerth » Thu Dec 06, 2018 1:22 pm

systemctl is for systemd, right?

What happens if you have some systemd packages like MX but systemd init isn't running?
Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2451
Joined: Wed Apr 11, 2018 5:09 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#3 Post by fehlix » Thu Dec 06, 2018 1:30 pm

colin_b wrote:
Thu Dec 06, 2018 1:19 pm
https://thehackernews.com/2018/12/linux ... cykit.html
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any
IMHO, a low-privileged user would need to have root-access to create an account with such an unusual UID.
As he has already root-access to create such a user-account, don't see this an an real-live issue.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

bigbenaugust
Forum Novice
Forum  Novice
Posts: 50
Joined: Wed Dec 20, 2017 10:41 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#4 Post by bigbenaugust » Thu Dec 06, 2018 1:46 pm

fehlix wrote:
Thu Dec 06, 2018 1:30 pm
IMHO, a low-privileged user would need to have root-access to create an account with such an unusual UID.
As he has already root-access to create such a user-account, don't see this an an real-live issue.
Or have one created for them in a distributed/containerized environment. Very possible.
--Ben

User avatar
rootetsy
Forum Novice
Forum  Novice
Posts: 24
Joined: Sat May 12, 2018 8:45 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#5 Post by rootetsy » Thu Dec 06, 2018 3:25 pm

If I'm understanding this correctly it has nothing to do with systemd. They just used that as an example of what kinds of commands can be used with this issue. The key here is that these users will be able to run ANY command on the system without the privs being checked. Whoa! That's a big one but since it's not systemd related it does indeed affect MX.

I'm sure Debian will have a fix for this soon though.

User avatar
anticapitalista
Forum Veteran
Forum Veteran
Posts: 5842
Joined: Sat Jul 15, 2006 10:40 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#6 Post by anticapitalista » Thu Dec 06, 2018 3:53 pm

Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX-17 "Heather Heyer" - lean and mean.
https://antixlinux.com

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2451
Joined: Wed Apr 11, 2018 5:09 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#7 Post by fehlix » Thu Dec 06, 2018 4:36 pm

anticapitalista wrote:
Thu Dec 06, 2018 3:53 pm
Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
Good catch. As Ubuntu is based on Debian, latest used versions on Ubuntu is policykit-1 from series 0.105.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
rootetsy
Forum Novice
Forum  Novice
Posts: 24
Joined: Sat May 12, 2018 8:45 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#8 Post by rootetsy » Thu Dec 06, 2018 4:41 pm

anticapitalista wrote:
Thu Dec 06, 2018 3:53 pm
Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
You're definitely right about that. Debian is using version 105 but it still appears to be affected. At least Debian is reporting that.
https://security-tracker.debian.org/tra ... 2018-19788

That said, while this is a big issue, it likely won't affect many people because of the odd UIDs needed to exploit it. :)

Post Reply

Return to “Bugs and Non-Package Requests Forum”