A few days after North Korea's Red Star OS leaked to the West in the form of an ISO, security researchers have begun to expose its vulnerabilities.
According to this post on Seclists, the udev rules in version 3.0 of the OS and the rc.sysinit script in version 2.0 are writable by any user. Both are run with root privileges.
Because of how file permissions are managed in Red Star 3.0, the device manager rules file for HP LaserJet 1000-series printers (/etc/udev/rules.d/85-hplj10xx.rules) can be modified to include RUN+= arguments. The udev daemon then runs these commands as root. A demonstration is available on GitHub.
The main task of udev is to monitor the /dev (devices) directory; when a device is connected to a USB port, it loads the appropriate set of rules.
In the older Red Star OS 2.0, an attacker who writes to the rc.sysinit file can execute commands as root (demonstration).
Both vulnerabilities provide privilege escalation for local users.
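The following audit is an added example, not code from the original post or from the researchers' write-up. It flags files that are executed as root (a udev rules directory, or an init script such as rc.sysinit) but are writable by other users, and lists the RUN commands udev would execute from them. The rule line and file modes in `demo()` are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# RUN+="..." / RUN="..." / RUN{program}+="..." assignments; udev runs these as root.
RUN_KEY = re.compile(r'\bRUN(?:\{[a-z]+\})?\s*\+?=\s*"([^"]*)"')

def writable_by_others(path):
    """True if the file's mode grants write access to 'other' users."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def audit(paths):
    """Return findings for root-executed files that non-root users can edit.

    Each path may be a single file (e.g. an init script) or a directory of
    udev rules. A finding is (path, octal mode, list of RUN commands found).
    """
    findings = []
    for top in paths:
        if os.path.isdir(top):
            files = [os.path.join(top, n) for n in sorted(os.listdir(top))]
        else:
            files = [top]
        for f in files:
            if not os.path.isfile(f) or not writable_by_others(f):
                continue
            with open(f, errors="replace") as fh:
                runs = RUN_KEY.findall(fh.read())
            mode = oct(stat.S_IMODE(os.stat(f).st_mode))
            findings.append((f, mode, runs))
    return findings

def demo():
    """Build a constructed rules directory (one bad file, one good) and audit it."""
    d = tempfile.mkdtemp()
    bad = os.path.join(d, "85-hplj10xx.rules")
    good = os.path.join(d, "60-example.rules")
    for p, mode in ((bad, 0o666), (good, 0o644)):
        with open(p, "w") as fh:
            # Constructed rule line, not the file shipped with Red Star OS.
            fh.write('ACTION=="add", SUBSYSTEM=="usb", RUN+="/bin/true"\n')
        os.chmod(p, mode)
    return audit([d])

if __name__ == "__main__":
    for path, mode, runs in demo():
        print(f"{path} mode={mode} RUN={runs}")
```

On a real system, call `audit()` with the udev rules directories and init script paths in use; any finding should have its write permission for other users removed.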
Download: redstar_desktop3.0_sign.iso