1. 03 May, 2022 1 commit
  2. 02 May, 2022 1 commit
  3. 21 Mar, 2022 1 commit
  4. 25 Jan, 2022 1 commit
  5. 03 Apr, 2018 2 commits
  6. 06 Jun, 2016 1 commit
  7. 27 Aug, 2014 1 commit
  8. 18 Feb, 2014 1 commit
  9. 22 Nov, 2013 1 commit
  10. 13 May, 2013 1 commit
  11. 11 Apr, 2013 1 commit
  12. 09 Jan, 2013 1 commit
  13. 19 Dec, 2012 1 commit
    • Set XAUTHORITY environment variable if is unset · d6acecdd
      David Zeuthen authored
      The way it works is that if XAUTHORITY is unset, then its default
      value is $HOME/.Xauthority. But since we're changing user identity
      this will not work since $HOME will now change. Therefore, if
      XAUTHORITY is unset, just set its default value before changing
      identity. This bug only affected login managers using X Window
      Authorization but not explicitly setting the XAUTHORITY variable.
      You can argue that XAUTHORITY is broken since it forces uid-changing
      apps like pkexec(1) to do more work - and get involved in intimate
      details of how X works and so on - but that doesn't change how things
      Based on a patch from Peter Wu <lekensteyn@gmail.com>.
      Signed-off-by: David Zeuthen <zeuthen@gmail.com>
  14. 11 Jul, 2012 1 commit
  15. 24 May, 2012 1 commit
  16. 22 May, 2012 1 commit
  17. 01 Aug, 2011 1 commit
    • Bug 38769 — pkexec: Support running X11 apps · 7850d270
      Martin Pitt authored
      Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
      which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
      remaining few legacy X11 programs which still need to run as root can finally
      be migrated away from gksu (or similar) to pkexec, with the help of some
      .polkit files. This will provide a consistent UI and also help with making the
      authentication dialogs less spoofable.
      Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
      variable actually is a full path.
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  18. 01 Apr, 2011 1 commit
    • pkexec: Avoid TOCTTOU problems with parent process · 3b12cfac
      David Zeuthen authored
      In a nutshell, the parent process may change its uid (either real- or
      effective uid) after launching pkexec. It can do this by exec()'ing
      e.g. a setuid root program.
      To avoid this problem, just use the uid the parent process had when it
      executed pkexec. This happens to be the same uid of the pkexec process
      Additionally, remove some dubious code that allowed pkexec to continue
      when the parent process died as there is no reason to support
      something like that. Also ensure that the pkexec process is killed if
      the parent process dies.
      This problem was pointed out by Neel Mehta <nmehta@google.com>.
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  19. 03 Mar, 2011 1 commit
    • Deprecated PolkitBackendActionLookup · 02cebdb0
      David Zeuthen authored
      Instead, pass the untranslated message as polkit.message and set the
      gettext domain on polkit.gettext_domain. For printf()-style messages,
      occurrences of the form $(name_of_key) in the translated version of
      polkit.message are expanded with the value of the property
      name_of_key. See the pkexec(1) mechanism for an example of how to use
      Additionally, the property polkit.icon_name can be set to the
      icon. Note that not all authentication agents use this - in
      particular, gnome-shell does not.
      It is no longer possible to set the details to be shown in the
      authentication dialog. It was never a good idea to hide information
      there anyway. Instead, the mechanism should format a meaningful
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  20. 23 Feb, 2011 1 commit
  21. 22 Feb, 2011 1 commit
  22. 20 Aug, 2010 1 commit
  23. 12 Aug, 2010 1 commit
    • Add textual authentication agent and use it in pkexec(1) · 42177383
      David Zeuthen authored
      This makes pkexec(1) work when e.g. logging in via ssh(1) or the linux
      console but also when using `su -'. Example:
       [davidz@x61 ~]$ su - bateman
       [bateman@x61 ~]$ pkexec bash
       ==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
       Authentication is needed to run `/bin/bash' as the super user
       Authenticating as: root
       [root@x61 ~]#
      Summary of changes
       - Added a PolkitAgentTextListener class
       - Add new polkit_agent_listener_register() (and _unregister()) API
       - Deprecate polkit_agent_register_listener API
       - Allow registering authentication agents for PolkitUnixProcess subjects
         and prefer such agents to ones governing the session
       - Make PolkitAgentSession use the thread-default GMainContext - otherwise
         it won't work in spawned threads
       - (finally) use PolkitAgentTextListener in pkexec(1) if authorization
         via authentication is possible but no authentication agent was
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  24. 09 Aug, 2010 1 commit
  25. 02 Jul, 2010 1 commit
    • Add shadow support · a2edcef5
      Andrew Psaltis authored
      Added support for the shadow authentication framework instead of PAM.
      Enable it by passing --with-authfw=shadow to configure.
      This is done by splitting the polkitagenthelper source into separate
      parts, one that does auth with PAM, and another that does auth with
      shadow, sharing functions where appropriate.
      Also, all PAM-dependent code in all other files has been #ifdef'd.
      The only affected file is src/programs/pkexec.c
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  26. 10 Mar, 2010 1 commit
    • Bug 26982 – pkexec information disclosure vulnerability · 14bdfd81
      Dan Rosenberg authored
      pkexec is vulnerable to a minor information disclosure vulnerability
      that allows an attacker to verify whether or not arbitrary files
      exist, violating directory permissions. I reproduced the issue on my
      Karmic installation as follows:
       $ mkdir secret
       $ sudo chown root:root secret
       $ sudo chmod 400 secret
       $ sudo touch secret/hidden
       $ pkexec /home/drosenbe/secret/hidden
       (password prompt)
       $ pkexec /home/drosenbe/secret/doesnotexist
       Error getting information about /home/drosenbe/secret/doesnotexist: No such
       file or directory
      I've attached my patch for the issue. I replaced the stat() call
      entirely with access() using F_OK, so rather than check that the
      target exists, pkexec now checks if the user has permission to verify
      the existence of the program. There might be another way of doing
      this, such as chdir()'ing to the parent directory of the target and
      calling lstat(), but this seemed like more code than necessary to
      prevent such a minor problem.  I see no reason to allow pkexec to
      execute targets that are not accessible to the executing user because
      of directory permissions. This is such a limited use case anyway that
      this doesn't really affect functionality.
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  27. 15 Dec, 2009 6 commits
  28. 11 Dec, 2009 2 commits
  29. 13 Sep, 2009 1 commit
  30. 12 Aug, 2009 2 commits
    • Generate GI gir and typelibs for libpolkit-gobject-1 · a7aacbb5
      David Zeuthen authored
      This includes changing from POSIX types (uid_t, gid_t, pid_t) to
      gint. Won't affect much since the size is the same. And we want this
      anyway since it is needed to build the library on non-POSIX platforms.
    • Bug 23093 – FreeBSD portability fixes · de9453f4
      Joe Clarke authored
      There are a few issues with building polkit-0.93 on FreeBSD:
       * No clearenv() function on FreeBSD
       * While FreeBSD has a /proc, it is deprecated, and kinfo_proc should
         be used instead.
       * FreeBSD's printf() functions do not support the %m notation.  This
         is only supported for syslog().
       * You can't call GINT_TO_POINTER() on a 64-bit value, as this will
         break on 64-bit OSes.
      The attached patch fixes these problems.  First, a check for
      clearenv() is added to configure.  Second, I moved the check for
      process uid to polkit/polkitunixprocess.c.  This may not be ideal, but
      it seems to fit, and reduces code duplication.  Third, I replaced all
      %m with %s ... g_strerror (errno).  Finally, I replaced
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  31. 30 Jul, 2009 1 commit
  32. 27 Jul, 2009 1 commit