From ec91d2eb9febafd82de3b30bd76fb621f3da5026 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Mon, 30 Mar 2020 11:32:33 +0200 Subject: [PATCH] Documentation: Inform people that `anon` can `su` to `root` by default \0 pointed out that this is not mentioned anywhere, technically making it a "local privilege escalation" bug. This patch adds it to the documentation, and I've also paid out the first $5 bounty to the "Kiwis for Kiwi" charity as per \0's request! http://serenityos.org/bounty/kiwis4kiwi.png --- Documentation/BuildInstructions.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Documentation/BuildInstructions.md b/Documentation/BuildInstructions.md index bdfee42942..ad94453cea 100644 --- a/Documentation/BuildInstructions.md +++ b/Documentation/BuildInstructions.md @@ -60,6 +60,9 @@ Once you've built the toolchain, go into the `Kernel/` directory, then run **./makeall.sh**, and if nothing breaks too much, take it for a spin by using **./run**. +Note that the `anon` user is able to become `root` without password by default, as a development convenience. +To prevent this, remove `anon` from the `wheel` group and he will no longer be able to run `/bin/su`. + Bare curious users may even consider sourcing suitable hardware to [install Serenity on a physical PC.](https://github.com/SerenityOS/serenity/blob/master/INSTALL.md) Later on, when you `git pull` to get the latest changes, there's no need to rebuild the toolchain. You can simply rerun **./makeall.sh** in the `Kernel/` directory and you'll be good to **./run** again.
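Review bot: The mitigation in the second added line tells the reader to remove `anon` from the `wheel` group but does not say where that membership is defined or how to change it, so someone who wants to close the passwordless `su` path has nothing concrete to act on. Name the file or command that controls the group membership. Two wording points in the same lines: "without password" should read "without a password", and "he will no longer be able to run `/bin/su`" reads better with "it" or "that user" for an account name. The commit message describes this default as technically a local privilege escalation, so it may also be worth repeating the note in the linked INSTALL.md for physical-PC installs rather than only in the build instructions.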