Commit bf374fa

org.freedesktop.pkexec.usbview.policy: fix a local root privilege escalation issue via pkexec (CVE-2022-23220).
The polkit policy allowed unprivileged users to run usbview as root with arbitrary command line arguments, allowing a local root exploit.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent 4a5de69 commit bf374fa

1 file changed: +2 -2 lines changed

Diff for: org.freedesktop.pkexec.usbview.policy

@@ -8,8 +8,8 @@
88
<message>Authentication is required to view USB bus</message>
99
<icon_name>usbview_icon</icon_name>
1010
<defaults>
11-
<allow_any>yes</allow_any>
12-
<allow_inactive>yes</allow_inactive>
11+
<allow_any>no</allow_any>
12+
<allow_inactive>no</allow_inactive>
1313
<allow_active>auth_admin_keep</allow_active>
1414
</defaults>
1515
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
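
Review bot: the unchanged `<allow_active>auth_admin_keep</allow_active>` context line (line 13) still authorizes running /usr/bin/usbview as root for an active session after one admin authentication, and the `_keep` form retains that authorization for a short period, so later launches in that window are not prompted again. Since the commit message names arbitrary command line arguments as the problem, consider `auth_admin` here so every launch re-authenticates, and say in the commit message that this change only tightens who may invoke the action: with one file changed, usbview's own argument handling is untouched.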
