Top Qs
Timeline
Chat
Perspective

Polkit

Component of UNIX systems From Wikipedia, the free encyclopedia

Polkit
Remove ads

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as free software under the terms of version 2 of the GNU Lesser General Public License.[3]

Quick facts Developers, Initial release ...

Since version 0.105, released in April 2012,[4][5] the name of the project was changed from PolicyKit to polkit to emphasize that the system component was rewritten[6] and that the application programming interface had changed, breaking backward compatibility.[7][dubious discuss]

Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including Ubuntu since version 8.04 and openSUSE since version 10.3. Some distributions, like Fedora,[8] have already switched to the rewritten polkit.

It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[9] Systemd provides an alternate interface to polkit called run0.

Remove ads

Implementation

The polkitd daemon implements Polkit functionality.[10]

Security

Quick facts CVE identifier(s), Date discovered ...

Polkit improves on the security offered by sudo by avoiding SUID binaries, which are the primary cause of privilege escalation vulnerabilities on Unix-like systems.[11]

Nevertheless, as with sudo, several privilege escalation vulnerabilities have been found in polkit. The memory corruption vulnerability PwnKit (CVE-2021-4034[12]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.[13][14] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.

Remove ads

See also

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.

Remove ads