On Tue, 15 Jul 2025 at 14:29:13 +0200, Moritz Mühlenhoff wrote:
> The following vulnerability was published for policykit-1.
>
> CVE-2025-7519[0]:
> | When processing an XML policy with 32 or
> | more nested elements in depth
> [...]
> |
> | To exploit
> | this flaw, a high-privilege account is needed

Honestly, I don't think this is a security vulnerability and I think the
CVE should have been rejected. I think it's just a bug.

If an attacker can install XML policy files for polkit, then the
defender has already lost, because write access to /usr provides
arbitrary root code execution; the attacker is already on the protected
side of the airtight hatchway[1].

The clue is in the name: "policy" is exactly the thing that a sysadmin
or distro integrator, with unlimited privileges, uses to control what
privileges are given to users and system processes.

    smcv

[1] https://devblogs.microsoft.com/oldnewthing/20240102-00/?p=109217