Welcome!
Forum users

Current releases
--MX-23 release info here
--Migration information to MX-23 here
--antiX-23.1 (Arditi del Popolo) release info here

Important information
--If in starting your system it boots to an unwanted Desktop, right click desktop, then select leave and logout. At the
login screen there is a session chooser at the top of the screen.

News
-- MX Linux on social media: here
-- New Forum Features, Marking Solved and Referencing a User: here

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Report Bugs, Issues and non- package Requests
Post Reply
Message
Author
User avatar
colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#1 Post by colin_b »

https://thehackernews.com/2018/12/linux ... cykit.html

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability.

The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process.

The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS.

User avatar
asqwerth
Developer
Posts: 7180
Joined: Sun May 27, 2007 5:37 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#2 Post by asqwerth »

systemctl is for systemd, right?

What happens if you have some systemd packages like MX but systemd init isn't running?
Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400

User avatar
fehlix
Developer
Posts: 10275
Joined: Wed Apr 11, 2018 5:09 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#3 Post by fehlix »

colin_b wrote: Thu Dec 06, 2018 1:19 pm
https://thehackernews.com/2018/12/linux ... cykit.html
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any
IMHO, a low-privileged user would need to have root-access to create an account with such an unusual UID.
As he has already root-access to create such a user-account, don't see this an an real-live issue.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

bigbenaugust
Posts: 56
Joined: Wed Dec 20, 2017 10:41 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#4 Post by bigbenaugust »

fehlix wrote: Thu Dec 06, 2018 1:30 pm IMHO, a low-privileged user would need to have root-access to create an account with such an unusual UID.
As he has already root-access to create such a user-account, don't see this an an real-live issue.
Or have one created for them in a distributed/containerized environment. Very possible.
--Ben

User avatar
rootetsy
Posts: 19
Joined: Sat May 12, 2018 8:45 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#5 Post by rootetsy »

If I'm understanding this correctly it has nothing to do with systemd. They just used that as an example of what kinds of commands can be used with this issue. The key here is that these users will be able to run ANY command on the system without the privs being checked. Whoa! That's a big one but since it's not systemd related it does indeed affect MX.

I'm sure Debian will have a fix for this soon though.

User avatar
anticapitalista
Developer
Posts: 4158
Joined: Sat Jul 15, 2006 10:40 am

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#6 Post by anticapitalista »

Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

User avatar
fehlix
Developer
Posts: 10275
Joined: Wed Apr 11, 2018 5:09 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#7 Post by fehlix »

anticapitalista wrote: Thu Dec 06, 2018 3:53 pm Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
Good catch. As Ubuntu is based on Debian, latest used versions on Ubuntu is policykit-1 from series 0.105.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
rootetsy
Posts: 19
Joined: Sat May 12, 2018 8:45 pm

Re: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

#8 Post by rootetsy »

anticapitalista wrote: Thu Dec 06, 2018 3:53 pm Misleading info in the article.

Debian stretch, testing and sid versions of policykit-1 are using the 0.105 series. Only the Debian experimental repo is using PolicyKit version 0.115
You're definitely right about that. Debian is using version 105 but it still appears to be affected. At least Debian is reporting that.
https://security-tracker.debian.org/tra ... 2018-19788

That said, while this is a big issue, it likely won't affect many people because of the odd UIDs needed to exploit it. :)

Post Reply

Return to “Bugs and Non-Package Requests Forum”