KDE4 PolicyKit backdoor (misconfiguration) (testado no FBSD10x, PCBSD, provavelmente funcionará no linux)

1

recentemente encontrado subj no FreeBSD 10.x fora da caixa (com o KDE4):

[user@fbsd10] /home/user% su
Password:
su: Sorry

[user@fbsd10] /home/user% sudo csh
Password:
Sorry, user user is not allowed to execute '/bin/csh' as root on fbsd10.

[user@fbsd10] /home/user% pkexec csh
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run '/bin/csh' as the super user
Authenticating as: user
Password: [entered "user"s password]
==== AUTHENTICATION COMPLETE ===

[root@fbsd10] ~# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

Este arquivo parece a causa de tal comportamento: /usr/local/share/polkit-1/actions/org.freedesktop.policykit.policy

Estou fazendo algo errado?

    
por o_0 19.12.2014 / 13:39

0 respostas