Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

Oh, the Who-manity: ‘Grinch’ security bug wreaks havoc on Linux

Add as a preferred source on Google

A glitch called “Grinch” after the perennially loathed yet beloved Dr. Seuss cartoon character has recently been found laying low in the depths of Linux source code. It has the catastrophic potential to let bad guys to seize remote control of any and all devices based on the platform. Including Android mobiles, which at their core have Linux roots planted in their software.

By “remote control” IT network security provider Alert Logic means total, unrestricted command over any data stored on liable systems, plus the ability to install and execute trojans and other malware contents from a distance.

Recommended Videos

The way Grinch works is by allowing access to the su (aka super user) command, and letting unauthorized individuals manipulate the wheel group assigned by default to the legit admin of the system. This results in privilege escalation which ultimately gives the attacker full access to all system functions.

That sounds a lot like Shellshock’s mischievous capacity. However, according to Stephen Coty, Alert Logic’s Chief Security Evangelist, Linux admins and users can dodge attacks and remove all risk by implementing stronger methods of authentication and authorization.

Users can do this through PolKit, a policy management tool in Linux. To be frank, the settings users need to change to thwart to the Grinch are a bit over our heads, so we recommend you check out this recently broadcasted webinar about the “Grinch” flaw.

If you take authorization one step forward, and switch the default wheel assignment, you should stay clear of the green baddie with a heart two sizes too small, and enjoy your holidays in peace. Probably. Most likely. Hopefully.

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
This one app has single-handedly improved my Mac experience
It won't reinvent macOS. It will just quietly fix everything that annoys you about it.
Supercharge app

Every once in a while, you come across an app that fundamentally changes how you use your Mac. Over the past year, Supercharge has been that app for me. It packs hundreds of tweaks and features that solve macOS’s several annoyances and add improvements that upgrade the experience. 

While it will be hard to cover all its features in a single article, here are my favorite Supercharge features that have single-handedly improved my Mac experience. They've become such an integral part of my workflow that I now miss them whenever I use a Mac without Supercharge.

Read more
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more