Closed shosti closed 2 years ago
Hi @shosti,
Thanks for the heads-up! The issue is tracked and polkit will be upgraded in the next set of releases. Let's keep this open for visibility :)
In the meantime, you can create /etc/systemd/system/usr-bin-pkexec.mount:

    [Mount]
    What=/usr/bin/false
    Where=/usr/bin/pkexec
    Type=none
    Options=bind

    [Install]
    WantedBy=local-fs.target

and start/enable it.
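
One way to confirm the workaround above took effect, as an added example that is not part of the original thread or of Flatcar's tooling. The default paths are the ones from the mount unit; the function name `pkexec_status`, its arguments and its output words are this example's own.

```shell
#!/bin/sh
# Added example: report whether pkexec on this host is still exposed.
# Usage: pkexec_status [pkexec-path] [mask-path]
# Defaults match the What=/Where= values of the mount unit in the thread.

# Prints one of: absent | masked | not-setuid | exposed
# Returns 0 unless the result is "exposed".
pkexec_status() {
    target=${1:-/usr/bin/pkexec}
    mask=${2:-/usr/bin/false}

    # Nothing to exploit if the binary is not installed at all.
    if [ ! -e "$target" ]; then
        echo absent
        return 0
    fi

    # With the bind mount active, both paths resolve to the same
    # device and inode, which is exactly what -ef compares.
    if [ "$target" -ef "$mask" ]; then
        echo masked
        return 0
    fi

    # With the setuid bit cleared the binary runs unprivileged; this
    # is the state the permission-change mitigation aims for.
    if [ ! -u "$target" ]; then
        echo not-setuid
        return 0
    fi

    # A reachable, setuid pkexec: the mitigation is not in place.
    echo exposed
    return 1
}
```

Calling `pkexec_status` with no arguments after a reboot shows whether the unit was enabled as well as started: a result of `exposed` after reboot means the bind mount did not come back.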
The PR has been merged and will be shipped in the next set of releases across all the affected channels.
Description
CVE: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
From some quick investigation it seems like Flatcar 3033.2.0 has pkexec and might be vulnerable. I can try to get full reproduction steps if necessary.
Impact
Potential privilege escalation.
Additional information
The recommended mitigation steps (changing the permissions of pkexec) don’t work because of the read-only file system.
Apologies if this has already been reported elsewhere, I took a quick look but didn’t see anything.