@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?

@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (github.com/systemd/systemd/iss).

This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.

@spacekookie @wxcafe I'm pretty sure this bug also means that anything that demands authentication in e.g. KDE or GNOME, flatpak, fwupd,... will be open to users with a UID > INT_MAX.

Because those also use polkit.

Sign in to participate in the conversation

This is a mastodon instance for social justice activists, LGBTQIA+ people, and activists in general See the Goals and technical details, and Rules and privacy policy pages for more information