[BlueOnyx:25324] Re: CVE-2021-4034 (PwnKit) *** IMPORTANT ***
Michael Stauber
mstauber at blueonyx.it
Wed Jan 26 20:14:18 -05 2022
Hi Ken,
> Do we even need pkexec?
On 5209R nothing seems to use it, but on 5210R there are a few RPMs that
have it as dependency:
[root@5210r ~]# rpm -q --whatrequires polkit
timedatex-0.5-3.el8.x86_64
realmd-0.16.3-23.el8.x86_64
tuned-2.16.0-1.el8.noarch
libvirt-daemon-6.0.0-37.module_el8.5.0+2608+72063365.x86_64
Either way: It's installed together with the OS in both cases.
> And does the "temporary mitigation" take care of it, or could a regular user
> undo that?
>
> chmod 0755 /usr/bin/pkexec
Only the super-user can set or remove the SUID-bit or change permissions
of root-owned files and folders. So no. A regular user cannot undo this.
--
With best regards
Michael Stauber
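
Added example, not part of the original message: a small shell check that reports whether the temporary mitigation quoted above (chmod 0755 /usr/bin/pkexec) is in effect, by testing for the SUID bit and the file owner. The function names suid_state and check_mitigation are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: verify that the SUID bit has been removed from pkexec
# (the "temporary mitigation" discussed in this thread).
# suid_state and check_mitigation are hypothetical helper names.

# Print one of: missing | suid-root | suid-other | no-suid
suid_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # Numeric owner is the third field of `ls -ln`; 0 means root.
        owner=$(ls -ln "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then
            echo suid-root      # runs with root privileges for any caller
        else
            echo suid-other     # SUID set, but owner is not root
        fi
    else
        echo no-suid
    fi
}

# Return 0 when the file is absent or has no SUID bit, 1 otherwise.
check_mitigation() {
    state=$(suid_state "$1")
    case $state in
        missing|no-suid)
            echo "OK: $1 ($state)"
            return 0 ;;
        *)
            echo "SUID still set: $1 ($state)"
            return 1 ;;
    esac
}

# Default target is the path from the thread; pass another path to override.
check_mitigation "${1:-/usr/bin/pkexec}" ||
    echo "mitigation not applied; as root: chmod 0755 /usr/bin/pkexec"
```
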