Just tinkering around:
If you have /etc/polkit/rules.d/10-nopasswd_hack.rules with the following
content:
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.policykit.exec" &&
subject.isInGroup("wheel"))
{
return polkit.Result.YES;
}
});
Then you can run the following to get a root shell with absolutely no
password prompt.
pkexec -u root /bin/bash
On Mon, Sep 17, 2018 at 10:19 AM Trevor Vaughan <[email protected]>
wrote:
> On a default installation? They can't but I think they can twiddle things
> in NetworkManager from the GUI IIRC.
>
> But they also can't get to root via 'sudo' and we have rules for that.
>
> Polkit is basically sudo for DBus stuff and we have rules around what
> should, and should not, be done with sudo so I guess I expect the same
> thing with polkit.
>
> For instance, I could use pkexec to run arbitrary commands as root without
> a password if I have a rule set up for it. But, unlike sudo, there isn't a
> rule saying not to do that and a method to check for it.
>
> Thanks,
>
> Trevor
>
> On Mon, Sep 17, 2018 at 9:45 AM Thomas Haller <[email protected]> wrote:
>
>> On Mon, 2018-09-17 at 09:19 -0400, Trevor Vaughan wrote:
>> > Otherwise, there's a
>> > lovely gaping hole in the system security that can effectively be
>> > used to run pretty much anything with root permissions.
>>
>> Hi,
>>
>> This makes me wonder. How can an unpriviledged user get root
>> permissions on a default installation of RHEL? Either in general, or
>> specifically using NetworkManager.
>>
>>
>> best,
>> Thomas
>>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788
>
> -- This account not approved for unencrypted proprietary information --
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
