It’s an LPE, and doesn’t allow full root access to anyone who isn’t already a user.
Are you saying LPEs aren’t a security hazard?
Nope. Just pointing out an alarmist headline.
Ah. Yah, well, I just went with the article’s own headline since so many comms insist on that.
By chaining legitimate services such as udisks loop-mounts and PAM/environment quirks, attackers who own any active GUI or SSH session can vault across polkit’s allow_active trust zone and emerge as root in seconds.
I recognize a few of those words.
Is it new or is it newly discovered?
Since it is open source… I guess we can rule out an intentional back door.
Well, once upon a time I would have agreed with you but the xz backdoor changed my mind on that.
Can this be used to root Android phones?
If yes, it can be useful. If not, it’s potentially problematic.





