Polkit

Last updated

polkit
Developers David Zeuthen, Red Hat
Initial release0.3 [1]   OOjs UI icon edit-ltr-progressive.svg
Stable release
126 [2]   OOjs UI icon edit-ltr-progressive.svg / 13 January 2025;8 months ago (13 January 2025)
Repository
Written in C
Operating system Linux, Unix-like
Type Privilege authorization
License LGPL (free software)
Website github.com/polkit-org/polkit

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as free software under the terms of version 2 of the GNU Lesser General Public License. [3]

Contents

Since version 0.105, released in April 2012, [4] [5] the name of the project was changed from PolicyKit to polkit to emphasize that the system component was rewritten [6] and that the application programming interface had changed, breaking backward compatibility. [7] [ dubious discuss ]

Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including Ubuntu since version 8.04 and openSUSE since version 10.3. Some distributions, like Fedora, [8] have already switched to the rewritten polkit.

It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). [9] Systemd provides an alternate interface to polkit called run0.

Implementation

The polkitd daemon implements Polkit functionality. [10]

Security

PwnKit
CVE identifier(s) CVE- 2021-4034
Date discovered18 November 2021;3 years ago (2021-11-18)
DiscovererQualys Research Team
Affected hardwareAll architectures
Affected softwarePolkit (all versions prior to discovery)
Used byDefault on every major Linux distribution
Website qualys.com

Polkit improves on the security offered by sudo by avoiding SUID binaries, which are the primary cause of privilege escalation vulnerabilities on Unix-like systems. [11]

Nevertheless, as with sudo, several privilege escalation vulnerabilities have been found in polkit. The memory corruption vulnerability PwnKit (CVE-2021-4034 [12] ) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022. [13] [14] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.

See also

References

  1. "PolicyKit 0.3". 20 June 2007. Retrieved 17 July 2024.
  2. "Release 126 is out". 13 January 2025. Retrieved 26 January 2025.
  3. "polkit Git COPYING". David Zeuthen. Retrieved 15 November 2012.
  4. "polkit Git NEWS". David Zeuthen. Retrieved 15 November 2012.
  5. "Polkit releases" . Retrieved 1 September 2018.
  6. "Chapter 9. PolicyKit". openSUSE Security Guide. Novell, Inc. and contributors. Archived from the original on 27 August 2012. Retrieved 15 November 2012.
  7. "Polkit and KDE: let's make the point of the situation". 22 December 2009. Retrieved 15 November 2012.
  8. "Features/PolicyKitOne". Fedora Project Wiki. Retrieved 15 November 2012.
  9. "pkexec". polkit Reference Manual. Retrieved 25 May 2013.
  10. Команда разработчиков BLFS (5 September 2017). "4: Bezopasnost'". За пределами проекта "Linux® с нуля". Версия 7.4 [Beyond Linux from scratch] (in Russian). Vol. 1. Moscow: Litres (published 2017). p. 169. ISBN   9785457831186 . Retrieved 5 September 2017.
  11. Kanner, Andrey M.; Kanner, Tatiana M. (May 2024). "SUID Binaries in GNU/Linux: the Feature or the Bug?". 2024 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT): 46–48. doi:10.1109/USBEREIT61901.2024.10584001.
  12. "CVE listing for CVE-2021-4034". Mitre. Retrieved 25 January 2022.
  13. "PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)". Qualys. 25 January 2022. Retrieved 25 January 2022.
  14. "Major Linux PolicyKit security vulnerability uncovered: Pwnkit". ZDNet. 25 January 2022. Retrieved 25 January 2022.
Free and open-source software logo (2009).svg

This free and open-source software article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.