Mental Outlaw
In this video I cover the polkit vulnerability recently uncovered that affects many desktop linux distros such as fedora ubuntu and linux mint
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my YouTube channel http://goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released.
Please make a video about hypixel ddos.
Oh look at that, another vulnerability in software that I have masked years ago
Does anyone have a source for the video featured here?
The most important thing to take away from this is keep your systems updated. The Linux teams are VERY good at patching exploits in a timely manner (Unlike Redmond), so as long as you keep everything up to date, you'll be fine.
Can you talk about RISCV? Thanks~
5:50 "(Linux was) originally meant to be a server (system)"
What?? Linus made it for himself for desktop use. And although Linux took over server, he said he regrets that it didn't take over personal computers.
sudo pacman -Syu
rip I can't check if I'm safe, I spilled my tea to my laptop and I'm drying it lol
Isn't polkit used for pkexec for some gui applications or you can just omit polkit entirely?
when daddy updates you before upgrading …. (yokka yokka lee)
We are still in the stone age of computer science for sure.
Priviledge escalation exploits on software that doesnt have the rights to manage priviledges is exceedingly rare. If there's going to be one, it's going to be in one managing priviledges. That's not odd, abnormal, or an exceptionally bad fail by any standard. It happens.
It's just gnome. Many distros use it. And it Has many dependencies – no way to run it without systemd. That's the answer
if this was windows the bug would never have been fixed and people would only know about it when a million pcs got hacked
a bug found is a bug fixed, unless the bug is on windows then its a bug ignored
I thought you said 'v bucks' xd
I think that Linux was meant to be a desktop OS, but because Windows/DOS was easier to use at the time, people stayed with Windows/DOS and only enterprises moved from paid Unix to free Linux
oh no, my hannah montana distro is in trouble
Linux: oh no polkit is vulnerable, let me just run sudo dnf update
Windows: oh no, somethings broken (idk what), let me wait it a few minutes for the check for updates button to refresh so I can restart my entire computer and wait another 5 minutes
try building polkit on a fresh install of gentoo, then tell me how simple it is
Ufc security in these times, i just managed to dual boot an win7 manjaro on a 10year old 4gb laptop, damn that oesky uefi firmware!
I run alpine on my server so this actually doesn't affect me. Neat!
oh yeah, gotta emerge –ask –update –deep sys-auth/polkit
Just use freebsd or openbsd
Only One Word: Debian
Oh, it's that hemorrhoid polkit again…
it's probably used because it allows for more strict policy/permission control over one application. I have tried relying only with sudo and su. And many programs actually requires it to be able to work as expected. The same goes with dbus, even though I did not need ipc.
"Who do you trust?" I trust open source over proprietary. The end.
1.You need a machine that you a have local access to or ssh.
2.Ssh is password protected so on way or another you must be a user of a system in a first place.
3.This bug is a local bug. No real danger for home users.
4.In corporate server environments we do not even use gui nor gnome pol-kit shiped with gui elements so server wise it is BS.
5.But let say you pull this of via gui or ssh on "company server", you will lost your job.
6.Now You must tinkering with logs to hide this incredible achievement of yours, but if you delete them completely,
you put it department in an red alert state, so there is a slight chance if you only delete few lines that points on your actions,
and since it was found (the bug ) it is already patched.
Think twice till you start scare people to get more views.
Just because we do not use gentoo we are not morons, do not treat us as such.
Guess it's time to run apt-get update and apt-get upgrade
That's mostly GTK/GNOME'S fault, as other DE's don't need polkit, have their own policy manager or can work with whatever policy manager you have available.
What if I dont have polkit installed? Which i dont ever needed it btw(maybe in arch i needed but in gentoo i dont need it)
A little reminder, with Windows such a fix sometimes takes several months to years or not at all after the error was discovered 😉
remember, on windows 10 "cd c::$i30:$bitmap" and that thing with driver cmd or whatever is still unpatched
Why it doesn’t matter? Shell access is needed
You don’t find exploits in Linux distros. You find bugs. Bugs you can exploit sure
Lol, didn't work on my system. Maybe it's because I updated.
Or maybe it's because I do not have sudo lol.
USE="-polkit", not sure what problems polkit solves.
Windows is Fisher Price entry level software. It's been 100 years & Windows is still full of huge doorways that non techs can easily walk thru. Especially if they happen to use Linux. Or Unix. You also need to spend money on 3rd party "virus software". This requirement for additional software is why no majors rely on Windows for servers. And also why there is not one supercomputer that uses Windows. They all use Linux. Windows is fast food. Linux is home cooked.
I listen to you on max volume and still barely hear you, the ads sure are loud though. Thanks for the content
8:23 COUGH University of Minnesota COUGH