"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"

@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?

@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (

This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.

@spacekookie @wxcafe I'm pretty sure this bug also means that anything that demands authentication in e.g. KDE or GNOME, flatpak, fwupd,... will be open to users with a UID > INT_MAX.

Because those also use polkit.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!