Closed hyperair closed 1 month ago
@hyperair Thank you for reporting. Could you please confirm that this fixes the issue?
Yep, I just verified that the updated dbus policy file prevents the exploit script from working.
Note: To anyone testing out the exploit script, back up your logid.cfg first and restore it after
logiops, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This could potentially enable privilege escalation with minimal user interaction required.
The most basic proof-of-concept assigns a shell command to all buttons for connected peripherals. A more crafty attacker could tailor this operation to specific software used on the system, possibly monitoring the process list and mapping malicious macros at exactly the right moment.
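A defender-side check for the misconfiguration described above, as an added example that is not part of the original report or of logiops: it parses a D-Bus policy file and reports `allow` rules that let every local user send messages to a service. The bus name `com.example.Daemon`, both sample policies and the `audit_policy` helper are constructed for illustration; the hardened variant is one possible tightening, not the project's actual fix.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies. com.example.Daemon is a placeholder bus name,
# not the name the logid daemon registers.
WEAK_POLICY = """<busconfig>
  <policy user="root">
    <allow own="com.example.Daemon"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.example.Daemon"/>
  </policy>
</busconfig>"""

# Assumed tightening: only root may call the service, everyone else is denied.
HARDENED_POLICY = """<busconfig>
  <policy user="root">
    <allow own="com.example.Daemon"/>
    <allow send_destination="com.example.Daemon"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.example.Daemon"/>
  </policy>
</busconfig>"""


def audit_policy(xml_text, bus_name):
    """Return (context, kind, attributes) for each rule that lets every
    caller on the bus send messages to bus_name."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        # Rules in user=/group= blocks apply only to that principal; rules in
        # context="default" or "mandatory" apply to all callers.
        if policy.get("context") not in ("default", "mandatory"):
            continue
        for rule in policy.findall("allow"):
            if rule.get("send_destination") != bus_name:
                continue
            # A rule limited to one interface or member grants less than a
            # blanket allow, so label the two cases apart for triage.
            narrowed = rule.get("send_interface") or rule.get("send_member")
            kind = "narrowed" if narrowed else "blanket"
            findings.append((policy.get("context"), kind, dict(rule.attrib)))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(text, "com.example.Daemon"))
```

Run it against the policy files installed for the system bus, substituting the bus name of the daemon under review.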
References: