SECURITY ALERT -- BBAI owners ONLY (Debian 9): /usr/bin/pkexec exploit

For BeagleBone-AI based Kiwis running Debian 9 (ONLY)

QUICK FIX:

From the admin page, console tab, or from an ssh connection to your Kiwi logged in as root, type:

chmod 755 /usr/bin/pkexec

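This removes the "set user ID" (SUID) bit from the file permissions, so pkexec no longer runs with root privileges when started by an ordinary user. pkexec is not used for anything Kiwi-related, so removing the bit does not affect Kiwi operation.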


BETTER FIX:

Do a package upgrade to get the latest Debian 9 security fixes. From a root connection as above, type:

pkup

pkug

Note that libpolkit and policykit should appear in the output from the pkug command:

The following packages will be upgraded:

 bb-customizations libnss3 libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 libqt5svg5 liburiparser1 libxfont2 policykit-1

It's not 100% clear that the above upgrade actually fixes the problem. So also do:

chmod 755 /usr/bin/pkexec
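
To confirm the result, the following check reports whether the SUID bit is still set on pkexec. It is an added example, not part of the original post or of the Kiwi software; the function names check_suid and audit_pkexec are made up for this illustration. It is worth running after pkug as well, because a package upgrade replaces /usr/bin/pkexec with the file shipped in the package.

```sh
#!/bin/sh
# Added example (not Kiwi code): verify the pkexec mitigation.
# Function names are hypothetical, chosen for this illustration.

# check_suid PATH
# Prints one word: absent (no such file), suid (set-user-ID bit on),
# or clear (file exists, bit off).
check_suid() {
    target=$1
    if [ ! -e "$target" ]; then
        echo absent
    elif [ -u "$target" ]; then
        echo suid
    else
        echo clear
    fi
}

# audit_pkexec [PATH]
# Reports the state of PATH (default /usr/bin/pkexec).
# Returns 0 when nothing needs doing, 1 when the SUID bit is still set.
audit_pkexec() {
    target=${1:-/usr/bin/pkexec}
    state=$(check_suid "$target")
    case $state in
        absent)
            echo "$target: not installed, nothing to do"
            ;;
        clear)
            # ls shows e.g. -rwxr-xr-x once the bit is removed
            echo "$target: SUID bit is off ($(ls -ld "$target" | awk '{print $1}'))"
            ;;
        suid)
            # ls shows an "s" in the owner field, e.g. -rwsr-xr-x
            echo "$target: SUID bit still set ($(ls -ld "$target" | awk '{print $1}'))"
            echo "fix with: chmod 755 $target"
            return 1
            ;;
    esac
    return 0
}

# Stand-alone run: report on the real binary without failing the script.
audit_pkexec /usr/bin/pkexec || true
```
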


DISCUSSION:

Regular BeagleBone Green / Black Kiwis (the vast majority of them) running Debian 8 are not affected (pkexec doesn't exist).

The recent experimental Debian 10 Kiwi release is not affected (pkexec doesn't exist). But you might as well do a pkup and pkug as above to get the most recent security patches.


More information: hackaday.com/2022/01/26/major-bug-grants-root-for-all-major-linux-distributions
