File tree Expand file tree Collapse file tree 1 file changed +5
-1
lines changed Expand file tree Collapse file tree 1 file changed +5
-1
lines changed Original file line number Diff line number Diff line change @@ -284,7 +284,11 @@ should be given to hardening PTY/TTY handling processes and protection against p
284284regardless when privileged system operations take place. Attackers are less likely to use
285285on-disk methods such as manipulation of .profile or .bashrc when they can simply hijack the
286286requested permissions at a later date without touching disk from implants or other malicious
287- code that has obtained execution in the contexts described above.
287+ code that has obtained execution in the contexts described above. In relation to security
288+ boundaries, the polkit authentication request sent by systemd-run is ONE-SHOT, as opposed to
289+ persitent. This means that every request to systemd-run for elevation should present the user
290+ with a password prompt, by exploiting this issue the elevation request behaves as persistent
291+ for the lifecycle of the elevated program.
288292
289293-- Hacker Fantastic 04/05/2024
290294https://hacker.house
You can’t perform that action at this time.
0 commit comments