This week’s issue for discussion is a very old bug in the Linux polkit package: a local privilege escalation against the ‘pkexec’ program.
This was actually discovered back in 2013 – https://ryiron.wordpress.com/2013/12/16/argv-silliness/ – but wasn’t really understood to be exploitable at that time. One axiom of security is that security flaws only get worse with time, and this is a perfect example: the oddity in pkexec was found by Qualys to be exploitable. https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Read the blog above, and discuss how factual it is. For example, is polkit actually installed by default everywhere? What’s the impact of this issue? What does it allow someone to do if polkit is in fact installed? What mitigations are available to remove the impact?