I may be very off target here, so please forgive me. I believe the Raspberry Pi image may use a Linux based OS - but I don't know which one. I am concerned about the recently disclosed vulnerability in the polkit component. It seems Linux systems that have polkit version 0.113 or later installed – like Debian (unstable), RHEL 8, Fedora 21+, and Ubuntu 20.04 – are affected. More info here: Seven-year-old make-me-root bug in Linux service polkit patched • The Register
A little bit of using the search on here can find that info.
HassOS based
It uses a very stripped down version of Home Assistant
The post you linked to says Channels used the HassOS “for inspiration”. So, it’s still not clear what exact Linux distro is being used or if the affected polkit component is used. I doubt it is, but just want to ensure security for us all. I do appreciate your helping figure this out.
The vulnerability allows a user on a multiuser Linux system to get super user privileges
The Pi image is not a multiuser system. There are no user accounts and SSH access is disabled by default.
In addition, polkit is not used.
3 Likes