Oh, man. The 2000s called and they want their integer overflow bugs back.

"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"

github.com/systemd/systemd/iss

@jerry @paco mind reading the bug report? I know systemd bashing is popular and always funny, but this is polkit, so please bash it too! 😜

@rugk @jerry Happy to bash the right party. And I see what you mean. Nothing like having an authentication system fail open on an assertion fail...

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.