From e58bf35123fc69af2c6fad8e463d06134a886f5d Mon Sep 17 00:00:00 2001
From: Miller
Date: Wed, 26 Jan 2022 21:50:37 -0500
Subject: [PATCH] Mitigate PwnKit vulnerability by removing setuid bit from /usr/bin/pkexec (#622)
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
---
 rootfs/standard/usr/bin/mynode_post_upgrade.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rootfs/standard/usr/bin/mynode_post_upgrade.sh b/rootfs/standard/usr/bin/mynode_post_upgrade.sh
index 21c672de..9d90f55f 100755
--- a/rootfs/standard/usr/bin/mynode_post_upgrade.sh
+++ b/rootfs/standard/usr/bin/mynode_post_upgrade.sh
@@ -47,6 +47,8 @@ if ! skip_base_upgrades ; then
 # Migrate from version file to version+install combo
 /usr/bin/mynode_migrate_version_files.sh
+ # PwnKit vulnerability mitigation
+ chmod 0755 /usr/bin/pkexec
 # Stop and disable any old services
 systemctl disable https || true
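Review bot: The added `chmod 0755 /usr/bin/pkexec` appears to sit inside the `if ! skip_base_upgrades` block named in the hunk header, so a run that skips base upgrades would leave the setuid bit in place; the mitigation does not depend on the base upgrade and could run unconditionally. The mode change is also not durable, because a later reinstall or upgrade of the package that owns pkexec can restore the packaged mode. If the image is dpkg-based, consider recording an override with `dpkg-statoverride --update --add root root 0755 /usr/bin/pkexec` (guarded so a re-run does not fail on an existing override), and treat the patched polkit package as the actual fix. Unlike the neighbouring `systemctl disable https || true`, the bare chmod has no guard for a missing file; `[ ! -e /usr/bin/pkexec ] || chmod 0755 /usr/bin/pkexec` would cover systems without polkit. The enclosing `if` block starts and ends outside the hunk.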