Skip to main content
  1. Home
  2. Computing
  3. News

Oh, the Who-manity: ‘Grinch’ security bug wreaks havoc on Linux

By

grinch security bug wreaks havoc on linux systems
Image used with permission by copyright holder
A glitch called “Grinch” after the perennially loathed yet beloved Dr. Seuss cartoon character has recently been found laying low in the depths of Linux source code. It has the catastrophic potential to let bad guys to seize remote control of any and all devices based on the platform. Including Android mobiles, which at their core have Linux roots planted in their software.

By “remote control” IT network security provider Alert Logic means total, unrestricted command over any data stored on liable systems, plus the ability to install and execute trojans and other malware contents from a distance.

Recommended Videos

The way Grinch works is by allowing access to the su (aka super user) command, and letting unauthorized individuals manipulate the wheel group assigned by default to the legit admin of the system. This results in privilege escalation which ultimately gives the attacker full access to all system functions.

Related

That sounds a lot like Shellshock’s mischievous capacity. However, according to Stephen Coty, Alert Logic’s Chief Security Evangelist, Linux admins and users can dodge attacks and remove all risk by implementing stronger methods of authentication and authorization.

Users can do this through PolKit, a policy management tool in Linux. To be frank, the settings users need to change to thwart to the Grinch are a bit over our heads, so we recommend you check out this recently broadcasted webinar about the “Grinch” flaw.

If you take authorization one step forward, and switch the default wheel assignment, you should stay clear of the green baddie with a heart two sizes too small, and enjoy your holidays in peace. Probably. Most likely. Hopefully.

Editors’ Recommendations

Adrian Diaconescu
Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Intel Battlemage GPU: everything we know so far
Intel Arc A770 GPU installed in a test bench.

Despite a rocky start, Intel's Arc GPUs are now among the best graphics cards you can buy. Targeting budget PC gamers, Intel has established itself as a major player in gaming graphics cards, and all eyes are on Team Blue with its next generation of GPUs, codenamed Battlemage.

We know Battlemage GPUs are coming, and Intel has slowly been dropping hints about the graphics cards over the past year. Although we're still waiting on an official release date, specs, and pricing details for Battlemage GPUs, there's a lot we can piece together already.
Intel Battlemage: specs

Read more
Spotify vs. Pandora: which streaming service should you choose?
spotify vs pandora on iphone

Let's settle a musical debate: which music streaming platform should you use: Spotify or Pandora?

Both services have their unique strengths and weaknesses. Spotify boasts a more extensive music catalog, robust social features for sharing and discovering music with friends, and a more polished user experience across devices.

Read more
Ryzen AI nearly hits 60 fps in Black Myth: Wukong, but it’s not that simple
OneXFly F1 Pro gamig handheld.

Although AMD APUs appear in some of the best gaming handhelds, the latest Strix Point chips are still hard to find in new releases. However, the new OneXFly F1 Pro gamin handheld is making its debut with the Ryzen AI HX 370 chip in tow, and according to a benchmark in Black Myth: Wukong, it managed to average an impressive 58 frames per second (fps) at a 15-watt thermal design power (TDP). That's an impressive result, but digging deeper reveals that AAA gaming on the go is still not without any sacrifice.

The OneXFly F1 Pro comes with the Ryzen AI HX 370, which sports a total of 12 cores -- four Zen 5 and eight Zen 5c -- as well as 24 threads. The maximum boost clock on the Zen 5 cores reaches 5.1GHz, but the smaller Zen 5c maxes out at 3.3GHz. The default TDP was rated at 28 watts, but it can be configured between 15W and 54W. For an APU, the AI HX 370 delivers solid graphics capabilities, as it's equipped with the AMD Radeon 890M. It also sports a 7-inch OLED screen with a refresh rate of 144Hz.

Read more