Skip to main content

Oh, the Who-manity: ‘Grinch’ security bug wreaks havoc on Linux

grinch security bug wreaks havoc on linux systems
Image used with permission by copyright holder
A glitch called “Grinch” after the perennially loathed yet beloved Dr. Seuss cartoon character has recently been found laying low in the depths of Linux source code. It has the catastrophic potential to let bad guys to seize remote control of any and all devices based on the platform. Including Android mobiles, which at their core have Linux roots planted in their software.

By “remote control” IT network security provider Alert Logic means total, unrestricted command over any data stored on liable systems, plus the ability to install and execute trojans and other malware contents from a distance.

The way Grinch works is by allowing access to the su (aka super user) command, and letting unauthorized individuals manipulate the wheel group assigned by default to the legit admin of the system. This results in privilege escalation which ultimately gives the attacker full access to all system functions.

That sounds a lot like Shellshock’s mischievous capacity. However, according to Stephen Coty, Alert Logic’s Chief Security Evangelist, Linux admins and users can dodge attacks and remove all risk by implementing stronger methods of authentication and authorization.

Users can do this through PolKit, a policy management tool in Linux. To be frank, the settings users need to change to thwart to the Grinch are a bit over our heads, so we recommend you check out this recently broadcasted webinar about the “Grinch” flaw.

If you take authorization one step forward, and switch the default wheel assignment, you should stay clear of the green baddie with a heart two sizes too small, and enjoy your holidays in peace. Probably. Most likely. Hopefully.

Editors' Recommendations

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Get this HP 17-inch laptop for $300 instead of the usual $660
The HP 17-inch laptop against a white background.

Seventeen-inch laptops toe the line between portability and size, making them more expensive than your average laptop. Some of the best 17-inch laptops can easily cost you thousands of dollars. Luckily, there HP has come up with a very budget-friendly solution in the form of the HP laptop 17z, and while it's not one of the best laptops on the market, it is an excellent budget-oriented choice for a 17-inch laptop. Even better, HP currently discounts it down to $300 from the usual $560 price tag, which is a significant $260 off.

Why you should buy the HP Laptop 17z
As the name implies, the HP Laptop 17z has a large 17.3-inch screen running a 1920 x 1080 resolution and can hit a peak brightness of 250nits, which isn't a lot, but it's good enough for a well-lit room, especially with its anti-glare coating. You could potentially upgrade to a touch version of the screen for $30, but since it would knock the resolution down to 1600 x 900, it's not worth it, especially with a larger 17.3-inch screen. What will be worth the upgrade is taking the networking option from the Wi-Fi5 and Bluetooth 4.2 standard up to the Wi-Fi 6 and Bluetooth 5 standard for an extra $20, which will make sure your laptop has a strong connection for streaming or doing online meetings and will be future-proof for at least the next 5-6 years.

Read more
Get a lifetime of 1TB cloud storage for $160
Using Koofr cloud storage on a phone.

One thing about most of the best cloud storage services that you're sure not to like is having to pay for them. Again and again, month after month, they ask for money to continue holding your files. It makes sense, in a way, as their servers take constant real estate and electricity to maintain. Now, though, you can get a lifetime of terabyte cloud storage on Koofr for just $160. The usual price would be $810, so this saves you $650 in total. And, naturally, Koofr's cloud storage has special features that you'll want to know about, too. So, go ahead and tap the button below to find the deal — it'll only be going on for a limited amount of time — and continue reading to see why we like this deal and what makes Koofr special.

Why you should buy cloud storage on Koofr
While Koofr is an advanced cloud storage system, with advanced file management and accessibility from nearly all of your devices, there are two primary reasons to purchase this deal: Security and value.

Read more
The 5 best things you can do with Copilot Pro right now
Microsoft Copilot Pro.

Copilot Pro is Microsoft’s AI subscription service that costs $20 per month for individuals and is integrated into the brand’s Microsoft 365 suite. The paid service offers unique features to Microsoft users, provides faster and more consistent AI performance with priority access to the GPT-4 and GPT-4 Turbo large language models (LLM) during peak times, and also brings the AI technology to the brand’s most popular PC applications -- and that's where things get really interesting.

Here are some of the best features on Copilot Pro and how they work.
Create custom GPTs

Read more