Bug 29954

Summary: pkexec leads to root rights, see CVE-2021-4034
Product: Mageia Reporter: Markus Robert Keßler <mandrake>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: critical    
Priority: Normal CC: davidwhodgins
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: polkit-0.116-1.1.mga7.src.rpm CVE:
Status comment:

Description Markus Robert Keßler 2022-01-28 09:53:01 CET 
Description of problem:

pkexec leads to root rights, see CVE-2021-4034


Version-Release number of selected component (if applicable):

Applies to MGA7x64, but most probably all other versions also affected



Steps to Reproduce:

cd /tmp
git clone https://github.com/berdav/CVE-2021-4034
cd CVE-2021-4034
make
./cve-2021-4034
id


Workaround before patch:

chmod u-s /usr/bin/pkexec
Comment 1 sturmvogel 2022-01-28 10:02:21 CET 
Duplicate of Bug 29944 

It's already fixed.

Mageia 7 is EOL since june 2021. Invalid!
Comment 2 Markus Robert Keßler 2022-01-28 10:27:06 CET 
Are you kidding? -- Everyone not having had the time yet to completely re-install everything is being left alone with this severe bug?
Hard to believe.

Please think twice
Comment 3 Dave Hodgins 2022-01-28 18:28:48 CET 
This is 7 months since Mageia 7 reached end of support and there is a simple
work around. As root run "chmod 0755 /usr/bin/pkexec".
 
That will mean pkexec doesn't work anymore. Running things like rpmdrake as a
regular user will not work. You must use an alternative approach to get root
privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake if you've configured sudo).

CC: (none) => davidwhodgins

Comment 4 Lewis Smith 2022-01-28 20:55:59 CET 
(In reply to Markus Robert Keßler from comment #2)
> Are you kidding? -- Everyone not having had the time yet to completely
> re-install everything is being left alone with this severe bug?
This is unfair given that it has been adreseed in Mageia 8.
If you want to roll forward your current M7 installation to M8, then Upgrade it. No need to re-install everything.

(In reply to sturmvogel from comment #1)
> Duplicate of Bug 29944 
> It's already fixed.
> Mageia 7 is EOL since june 2021. Invalid!
Thank you for spotting the duplicate. Closing as 'duplicate' rather than 'invalid', even though the latter is more correct in the circumstances.

*** This bug has been marked as a duplicate of bug 29944 ***

Version: 7 => 8
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 5 Markus Robert Keßler 2022-01-28 21:26:06 CET 
Resolved NOW:

https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia7/polkit

I found out that the patch from Redhat works with the original source, so, I created an updated package based on that.

All those who are running MGA7-x64 are invited to get it from there.

Markus