Polkit (formerly PolicyKit) is a component for controlling system-wide

privileges Privilege may refer to: Arts and entertainment * ''Privilege'' (film), a 1967 film directed by Peter Watkins * ''Privilege'' (Ivor Cutler album), 1983 * ''Privilege'' (Television Personalities album), 1990 * ''Privilege (Abridged)'', an alb ...

Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...

operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as

free software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, ...

under the terms of version 2 of the

GNU Lesser General Public License The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...

. Since version 0.105, released in April 2012, the name of the project was changed from ''PolicyKit'' to ''polkit'' to emphasize that the system component was rewritten and that the API had changed, breaking

backward compatibility Backward compatibility (sometimes known as backwards compatibility) is a property of an operating system, product, or technology that allows for interoperability with an older legacy system, or with input designed for such a system, especially ...

Fedora A fedora () is a hat with a soft brim and indented crown.Kilgour, Ruth Edwards (1958). ''A Pageant of Hats Ancient and Modern''. R. M. McBride Company. It is typically creased lengthwise down the crown and "pinched" near the front on both sides ...

became the first

distribution Distribution may refer to: Mathematics *Distribution (mathematics), generalized functions used to formulate solutions of partial differential equations *Probability distribution, the probability of a particular value or value range of a varia ...

to include PolicyKit, and it has since been used in other distributions, including

Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: '' Desktop'', '' Server'', and ''Core'' for Internet of things devices and robots. All th ...

since version 8.04 and

openSUSE openSUSE () is a free and open source RPM-based Linux distribution developed by the openSUSE project. The initial release of the community project was a beta version of SUSE Linux 10.0. Additionally the project creates a variety of tools, s ...

since version 10.3. Some distributions, like Fedora, have already switched to the rewritten polkit. It is also possible to use polkit to execute commands with elevated privileges using the command ''pkexec'' followed by the command intended to be executed (with

root In vascular plants, the roots are the organs of a plant that are modified to provide anchorage for the plant and take in water and nutrients into the plant body, which allows plants to grow taller and faster. They are most often below the sur ...

permission). However, it may be preferable to use

sudo sudo ( or ) is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and it ...

, as this command provides more flexibility and security, in addition to being easier to configure.

Implementation

The polkitd

daemon Daimon or Daemon (Ancient Greek: , "god", "godlike", "power", "fate") originally referred to a lesser deity or guiding spirit such as the daimons of ancient Greek religion and mythology and of later Hellenistic religion and philosophy. The wo ...

implements Polkit functionality.

Vulnerability

A memory corruption vulnerability PwnKit ( CVE-2021-4034) discovered in the ''pkexec'' command (installed on all major Linux distributions) was announced on January 25, 2022. The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the ''polkit'' daemon is running or not.

References

External links

polkit GitLab repository
at freedesktop.org
Documentation
at freedesktop.org
Why polkit
explaining polkit's role in a modern system Free software programmed in C Freedesktop.org Unix software {{Free-software-stub

Implementation

Vulnerability

See also

References

External links