hwclock(8) SUID privilege escalation

Posted by up201407890 on May 27

Hello,

During a recent assessment I have stumbled across a system which had
hwclock(8) setuid root

hwclock is a part of util-linux, all versions affected

$ man hwclock | sed -n ‘223,231p’

Users access and setuid
Sometimes, you need to install hwclock setuid root. If you
want users other than the superuser to be able to display the clock
value using the direct ISA I/O
method, install it setuid root. If you have the…

Leave a Reply