Skip to Content [alt-c]

Andrew Ayer

Sections

You are here: Andrew's Site

From the blog

Thoughts on the Systemd Root Exploit

January 24, 2017

Sebastian Krahmer of the SUSE Security Team has discovered a local root exploit in systemd v228. A local user on a system running systemd v228 can escalate to root privileges. That's bad.

At a high level, the exploit is trivial:

  1. Systemd uses -1 to represent an invalid mode_t (filesystem permissions) value.
  2. Systemd was accidentally passing this value to open when creating a new file, resulting in a file with all permission bits set: that is, world-writable, world-executable, and setuid-root.
  3. The attacker writes an arbitrary program to this file, which succeeds because it's world-writable.
  4. The attacker executes this file, which ...

Read More...

Photo of the Day

Photo Thumbnail of Lincoln Woods State Park

Lincoln Woods State Park

From the album Lincoln Woods State Park.