
gnome-system-log: privilege escalation

Package(s): gnome-system-log
CVE #(s): CVE-2012-5535
Created: December 10, 2012
Updated: December 12, 2012
Description: From the Red Hat bugzilla:

gnome-system-log-3.6.0-1.fc18 is set up so that

$ gnome-system-log

executes "logview" as root through pkexec, only asking for the invoking user's password (because the org.gnome.logview.config.date.pkexec.run (sic) action has default policy auth_self_keep).

Running an X11 application as root in a session of a completely unprivileged user is risky enough in itself; however logview also allows (via the "wheel" button/Open) opening any file on the system, including /etc/shadow. This is at least a confidentiality violation; reading various authentication cookies or ssh private keys might even allow this to be amplified into a privilege escalation.

Alerts:
Fedora FEDORA-2012-18659 2012-12-09
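
An added example, not code from LWN, Red Hat or GNOME: a Python check that flags pkexec actions whose default policy never asks for an administrator's credentials, the condition the bug report describes for the logview action. The embedded policy XML is a constructed sample; the exec path, the second action and the allow_any/allow_inactive values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the action named in the report; the exec
# path and the non-active defaults are assumptions, not the shipped file.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.gnome.logview.config.date.pkexec.run">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/logview</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
  <action id="org.example.pkexec.admin-tool">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/admin-tool</annotate>
  </action>
</policyconfig>"""

# Implicit authorizations that never require an administrator's credentials.
NON_ADMIN = {"yes", "auth_self", "auth_self_keep"}
EXEC_PATH = "org.freedesktop.policykit.exec.path"
ALLOW_GUI = "org.freedesktop.policykit.exec.allow_gui"

def audit_policy(xml_text):
    """Return pkexec actions that a user can authorize without an admin."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        notes = {a.get("key"): (a.text or "").strip() for a in action.iter("annotate")}
        if EXEC_PATH not in notes:
            continue  # action does not launch a program through pkexec
        weak = {d.tag: d.text.strip() for d in action.iterfind("defaults/*")
                if (d.text or "").strip() in NON_ADMIN}
        if weak:
            findings.append({"action": action.get("id"), "program": notes[EXEC_PATH],
                             "weak_defaults": weak,
                             "gui": notes.get(ALLOW_GUI, "").lower() == "true"})
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

On a live system the same function can be fed the contents of each .policy file under /usr/share/polkit-1/actions/.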


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds