org.freedesktop.pkexec.usbview.policy: fix a local root privilege escalation issue via pkexec (CVE-2022-23220).

The polkit policy allowed unprivileged users to run usbview as root with
arbitrary command line arguments, allowing a local root exploit.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gregkh committed Jan 21, 2022
1 parent 4a5de69 commit bf374fa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions org.freedesktop.pkexec.usbview.policy
Expand Up @@ -8,8 +8,8 @@
<message>Authentication is required to view USB bus</message>
<icon_name>usbview_icon</icon_name>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
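Review bot: `allow_active` in the `<defaults>` block is left at `auth_admin_keep`, so after an administrator in an active session authenticates once, the authorization is retained for a short period and usbview can be launched as root again without a new prompt. Because the commit message names arbitrary command-line arguments as the root of the problem, consider `auth_admin` here so that every root launch needs fresh authentication. Nothing in this hunk restricts what is passed to `/usr/bin/usbview`, so the commit message should also say whether argument handling is dealt with elsewhere.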