HOME

TheInfoList



Click Here for Items Related To - PolicyKit
OR:
PolicyKit on:   [Wikipedia]   [Google]   [Amazon]

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in
Unix-like A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from
Red Hat Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...
and hosted by the freedesktop.org project. It is published as
free software Free software, libre software, libreware sometimes known as freedom-respecting software is computer software distributed open-source license, under terms that allow users to run the software for any purpose as well as to study, change, distribut ...
under the terms of version 2 of the
GNU Lesser General Public License The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...
. Since version 0.105, released in April 2012, the name of the project was changed from ''PolicyKit'' to ''polkit'' to emphasize that the system component was rewritten and that the
API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
had changed, breaking
backward compatibility In telecommunications and computing, backward compatibility (or backwards compatibility) is a property of an operating system, software, real-world product, or technology that allows for interoperability with an older legacy system, or with Input ...
. Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including
Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed primarily of free and open-source software. Developed by the British company Canonical (company), Canonical and a community of contributors under a Meritocracy, meritocratic gover ...
since version 8.04 and
openSUSE openSUSE () is a free and open-source software, free and open-source Linux distribution developed by the openSUSE project. It is offered in two main variations: ''Tumbleweed'', an upstream rolling release distribution, and ''Leap'', a stable r ...
since version 10.3. Some distributions, like Fedora, have already switched to the rewritten polkit. It is also possible to use polkit to execute commands with elevated privileges using the command ''pkexec'' followed by the command intended to be executed (with
root In vascular plants, the roots are the plant organ, organs of a plant that are modified to provide anchorage for the plant and take in water and nutrients into the plant body, which allows plants to grow taller and faster. They are most often bel ...
permission). However, it may be preferable to use
sudo () is a shell (computing), shell command (computing), command on Unix-like operating systems that enables a user to run a program with the security privileges of another user, by default the superuser. It originally stood for "superuser do", a ...
, as this command provides more flexibility and security, in addition to being easier to configure.


Implementation

The polkitd
daemon A demon is a malevolent supernatural being, evil spirit or fiend in religion, occultism, literature, fiction, mythology and folklore. Demon, daemon or dæmon may also refer to: Entertainment Fictional entities * Daemon (G.I. Joe), a character ...
implements Polkit functionality.


Vulnerability

A memory corruption vulnerability PwnKit ( CVE-2021-4034) discovered in the ''pkexec'' command (installed on all major Linux distributions) was announced on January 25, 2022. The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the ''polkit'' daemon is running or not.


See also

* Pluggable authentication module *
Principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction l ...
* PackageKit * User Account Control – a similar feature introduced in
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
and still exists in
Windows 11 Windows 11 is a version of Microsoft's Windows NT operating system, released on October 5, 2021, as the successor to Windows 10 (2015). It is available as a free upgrade for devices running Windows 10 that meet the #System requirements, Windo ...


References


External links


polkit GitHub repository
at github.com
Documentation
at freedesktop.org
Why polkit
explaining polkit's role in a modern system Computer security software System administration Free software programmed in C Freedesktop.org Unix software Software using the GNU Lesser General Public License {{Free-software-stub