2022年1月25日,qualys安全研究人员公开了cve-2021-4034 polkit pkexec本地提权漏洞的细节。该漏洞源于polkit pkexec在处理命令行参数时的错误,允许非特权用户通过参数注入在存在漏洞的主机上获取完全的root权限。
我在检查了几台Linux设备后,发现它们都存在这个问题,急需修复。修复方法如下:第一种方法是通过执行yum update polkit命令来更新解决问题。第二种方法适用于单机环境或上述命令执行失败的情况,可以通过执行chmod 0755 /usr/bin/pkexec命令删除SUID-bit权限来规避漏洞风险。如果ll /usr/bin/pkexec命令返回的结果显示为-rwsr-xr-x,则表示存在问题;如果显示为-rwxr-xr-x,则表示已修复。
第一种修复方法的具体操作过程如下:
[root@NCCLOUD-CPYY-YLZ ~]# yum update polkit Loaded plugins: fastestmirror Determining fastest mirrors base | 2.2 kB 00:00:00 epel | 3.3 kB 00:00:00 extras-source | 1.5 kB 00:00:00 mysql-connectors | 1.5 kB 00:00:00 mysql-tools | 1.5 kB 00:00:00 mysql56-community | 1.5 kB 00:00:00 mysql57-community | 1.5 kB 00:00:00 mysql80-community | 1.5 kB 00:00:00 updates-source | 1.5 kB 00:00:00 (1/4): epel/7/x86_64/updateinfo | 1.1 MB 00:00:00 (2/4): epel/7/x86_64/primary | 3.9 MB 00:00:00 (3/4): mysql-tools/primary | 23 kB 00:00:00 (4/4): updates-source/7/x86_64/primary | 7.8 MB 00:00:00 epel 13728/13728 mysql-tools 137/137 updates-source 3411/3411 Resolving Dependencies --> Running transaction check ---> Package polkit.x86_64 0:0.112-18.el7 will be updated ---> Package polkit.x86_64 0:0.112-26.el7_9.1 will be an update --> Finished Dependency Resolution <h1>Dependencies Resolved</h1><h1>Package Arch Version Repository Size</h1><p>Updating: polkit x86_64 0.112-26.el7_9.1 updates-source 170 k</p><h1>Transaction Summary</h1><p>Upgrade 1 Package</p><p>Total download size: 170 k Is this ok [y/d/N]: y Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. polkit-0.112-26.el7_9.1.x86_64.rpm | 170 kB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : polkit-0.112-26.el7_9.1.x86_64 1/2 Cleanup : polkit-0.112-18.el7.x86_64 2/2 Verifying : polkit-0.112-26.el7_9.1.x86_64 1/2 Verifying : polkit-0.112-18.el7.x86_64 2/2 </p><p>Updated: polkit.x86_64 0:0.112-26.el7_9.1</p><p>Complete!
