Grinch Vulnerability Could Put a Hole In Your Linux Stocking

itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.

Grinch is not a flaw - has no CVE!!!

[darthcamaro]

The linked story is factually incorrect. Red Hat (and others) have publicly stated that this isn't a flaw at all but is in fact an expected and specified feature of PolicyKIt. I spoke with Red Hat on this, which is something that neither of the linked articles in this /. post did. It's not a flaw at all.
Also check out Red Hat Knowledgebase article on this too.

A report has been released detailing an issue that the reporter is naming "Grinch". This report incorrectly classifies expected behavior as a security issue.

Re:Grinch is not a flaw - has no CVE!!!

[jandrese]

About 3/4 of the way down the "article" they explained the vulnerability:

To control administrative access, Linux keeps a list of all the registered users on a machine, in a group typically known as “wheel,” who can be granted full root access (usually through the Unix sudo command).

A knowing attacker could get full root access by modifying the wheel group, either directly or by manipulating an adjoining program such as the Polkit graphical interface for setting user permissions, Alert Logic said.

This is patently stupid. Yes, if you give a badguy administrative access, bad things can happen--even if you use a fancy GUI to give the bad guy administrative access. The only thing that is even slightly newsworthy here is that maybe a novice admin won't understand the purpose of the wheel group and could be tricked into giving permissions, but there are a lot of ways you can trick a dumb admin, there's no need to single this one out.