Polkit Lessons

[TheRaven]

Dangerous Code Hidden in Plain Sight for 12 years

View: https://www.youtube.com/watch?v=eTcVLqKpZJc


Don't know about the rest of you, but Polkit is starting to worry me.
Polkit devs. must be taking a page from Windows security.
Honestly, this is BS.

FBSD security/devs. need to check this video out.

 

[_martin]

This was already discussed here. I'd be worried if FreeBSD devs need to watch this video to get the Qualys report.
It's already fixed. It was not possible to pull the exploit on FreeBSD though, not even via Linux ABI.

What is more troublesome is that the issue itself was reported almost 10 years ago. And after the Qualys report I've seen some other reports where this kind of argv handling took place. But those programs were not setuid so fuzz was not so high.

 

[TheRaven]

This was already discussed here. I'd be worried if FreeBSD devs need to watch this video to get the Qualys report.
It's already fixed. It was not possible to pull the exploit on FreeBSD though, not even via Linux ABI.

What is more troublesome is that the issue itself was reported almost 10 years ago. And after the Qualys report I've seen some other reports where this kind of argv handling took place. But those programs were not setuid so fuzz was not so high.

Awesome that FBSD is insulated.
Also agree that an issue this long in the tooth and harboring such reach has not been actively addressed globally.
Thnx for the heads up _martin- it matters to me!

 

[msplsh]

This one sat for 10 years. Seems like the same sort of thing. Polkit isn't special in this regard.

CVE-2021-3156

 

[SirDice]

This one sat for 10 years. Seems like the same sort of thing. Polkit isn't special in this regard.

Yeah, it's not like BSD doesn't have old bugs.

When seekdir() Won’t Seek to the Right Position

Back in 2008, I discovered a bug in the BSD filesystem that has been there for more than 25 years, in all of the major BSDs, read the…

marcbalmer.ch

 

[msplsh]

Nice story. Good ending.