Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones, and it gives administrators centralized control over system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as free software under the terms of version 2 of the GNU Lesser General Public License.[2]

polkit
Developer(s): David Zeuthen, Red Hat
Stable release: 124[1] / 17 January 2024
Written in: C
Operating system: Linux, Unix-like
Type: Privilege authorization
License: LGPL (free software)
Website: github.com/polkit-org/polkit
[Figure: KDE-based front-end.]

With version 0.105, released in April 2012,[3][4] the name of the project was changed from PolicyKit to polkit to emphasize that the system component was rewritten[5] and that the API had changed, breaking backward compatibility.[6]

Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including Ubuntu since version 8.04 and openSUSE since version 10.3. Some distributions, like Fedora,[7] have already switched to the rewritten polkit.

It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[8] However, it may be preferable to use sudo, as this command provides more flexibility and security, in addition to being easier to configure.[9]

Implementation

The polkitd daemon implements Polkit functionality.[10]

Vulnerability

PwnKit
CVE identifier(s): CVE-2021-4034
Date discovered: 18 November 2021
Discoverer: Qualys Research Team
Affected hardware: All architectures
Affected software: Polkit (all versions prior to discovery)
Used by: Default on every major Linux distribution
Website: qualys.com

A memory corruption vulnerability, PwnKit (CVE-2021-4034[11]), was discovered in the pkexec command (installed on all major Linux distributions) and announced on January 25, 2022.[12][13] The vulnerability dates back to the original distribution from 2009. It received a CVSS score of 7.8 ("High severity"), reflecting the serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture and whether or not the polkit daemon is running.
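
An added example, not part of the original article: a shell audit that reports whether pkexec is installed with the setuid bit, which is why a flaw in the binary can yield root even when polkitd is not running. The candidate paths are assumptions, and a "setuid" result shows that the binary is exposed to local users, not that it is unpatched; patch status comes from the distribution's package advisory.

```shell
#!/bin/sh
# Added example: audit pkexec binaries for the setuid bit.

# pkexec_status PATH prints one of: missing | setuid | no-setuid
pkexec_status() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "missing"
    elif [ -u "$target" ]; then
        echo "setuid"
    else
        echo "no-setuid"
    fi
}

# audit_pkexec [PATH...] reports each candidate and returns 1 if any of
# them is setuid, so it can gate a hardening or patch-verification job.
# The default candidate paths below are assumptions; adjust per distribution.
audit_pkexec() {
    [ "$#" -gt 0 ] || set -- /usr/bin/pkexec /bin/pkexec /usr/local/bin/pkexec
    exposed=0
    for p in "$@"; do
        state=$(pkexec_status "$p")
        case $state in
            setuid)
                # ls -ln prints the numeric owner; uid 0 means it runs as root.
                owner=$(ls -ln "$p" | awk '{print $3}')
                echo "$p: setuid, owner uid $owner"
                exposed=1 ;;
            *)
                echo "$p: $state" ;;
        esac
    done
    return "$exposed"
}

# Usage: audit_pkexec || echo "pkexec is setuid: confirm the package is patched"
```

Where no patched package is available, clearing the setuid bit (`chmod 0755` on the reported path) is a temporary mitigation, at the cost of pkexec no longer being able to elevate.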
