pwnkit (CVE-2021-4034) Privilege Escalation exploit sample
This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexec. This implementation is based on that described in the CVE disclosure, which you should read.
If this works on your machine, it means you are vulnerable. To address this, either update polkit to a patched version, or disable the setuid bit on pkexec with the following:
$ sudo chmod a-s $(which pkexec)
This exploit is dangerously easy to write based on the information in the disclosure, so patch all of your machines ASAP.
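A defender-side check for the mitigation above, added here as an example and not part of this repository: it reports whether the pkexec found on PATH still carries the setuid bit, and prints the chmod from this README when it does. PKEXEC_PATH is an assumed environment override so the check can be pointed at another file; the function names are mine.

```shell
#!/bin/sh
# Constructed example: checks the pkexec setuid mitigation described above.

# Locate pkexec; PKEXEC_PATH (assumed override) wins when set. Never fails,
# so it is safe under set -e even when pkexec is not installed.
pkexec_path() {
    if [ -n "${PKEXEC_PATH:-}" ]; then
        printf '%s\n' "$PKEXEC_PATH"
    else
        command -v pkexec 2>/dev/null || printf '\n'
    fi
}

# Print one of: missing / setuid / no-setuid for the given path.
# Always exits 0; use pkexec_is_mitigated for a yes/no exit code.
pkexec_setuid_status() {
    path=$1
    if [ -z "$path" ] || [ ! -e "$path" ]; then
        echo missing
    elif [ -u "$path" ]; then      # POSIX test: setuid bit present
        echo setuid
    else
        echo no-setuid
    fi
}

# Exit 0 when the file is absent or its setuid bit is cleared, 1 otherwise.
pkexec_is_mitigated() {
    [ "$(pkexec_setuid_status "$1")" != setuid ]
}

# Human-readable report for the pkexec actually on this machine.
report_pkexec() {
    path=$(pkexec_path)
    case "$(pkexec_setuid_status "$path")" in
        missing)   echo "pkexec not found: nothing to mitigate" ;;
        no-setuid) echo "$path: setuid bit absent (chmod mitigation applied)" ;;
        setuid)    echo "$path: setuid bit present; confirm polkit is patched, otherwise run: sudo chmod a-s $path" ;;
    esac
}

report_pkexec
```

Run it with sh. A no-setuid result only shows that the bit has been removed, not that polkit itself is patched; and because pkexec needs setuid to grant privileges at all, clearing the bit also disables its normal use, so treat the chmod as a stopgap until the package is updated.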
Using this repo
To run this exploit, simply run make in the top level directory. This will compile exploit.c, which runs the exploit, and gconv/badconv.c, which contains the payload.
If your system is vulnerable, you will be dropped into a shell as root.
This implementation should work on any vulnerable system, including Fedora 34+ and some versions of OpenSUSE against which other implementations appear not to work. Specifically, this will work even if your system has a version of polkit which disables GVFS (added here).