Bug 35623

Summary: should special case CAP_SYS_ADMIN on Linux, not uid 0
Product: PolicyKit    Reporter: Colin Walters <walters>
Component: daemon    Assignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED MOVED    QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   

Description Colin Walters 2011-03-24 06:10:28 UTC
Polkit currently authorizes uid 0 for anything, which is suboptimal for operating system creators who have done work to drop Linux capabilities from processes, even if they retain uid 0 (like syslogd say).

Not a big deal, but worth fixing.
Comment 1 Simon McVittie 2015-03-31 07:50:05 UTC
(In reply to Colin Walters from comment #0)
> Polkit currently authorizes uid 0 for anything, which is suboptimal

If it's determining that the uid is 0 by asking dbus-daemon, then this cannot be fixed without kdbus or similar, because:

* dbus-daemon has no way to ask what a peer's capabilities look like;
* the reason that it lacks that feature is that the Linux kernel offers
  no race-free way to ask what a Unix socket peer's capabilities look like

(The way that has a race, which is unsuitable for exactly that reason, is to get the peer's pid and look in /proc/PID/status.)
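As an added illustration of the two points in this comment (it is not code from the bug, from polkit or from dbus-daemon), the following C program parses the `Uid:` and `CapEff:` lines of a `/proc/PID/status` text and tests bit 21 of the effective mask, which is the capability number of CAP_SYS_ADMIN in `<linux/capability.h>`. The status excerpts are constructed samples, not captured from real processes: a full-capability root shell, a uid-0 syslogd that has dropped everything, and an unprivileged process holding only CAP_SYS_ADMIN. The `peer_has_cap_sys_admin_racy` function is the `/proc` lookup the comment calls unsuitable: between obtaining a peer's pid and reading its status file, the pid can be reused by an unrelated process or the peer can change its own capability set, so the result must not be used as an authorization decision.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Capability number of CAP_SYS_ADMIN in <linux/capability.h>. */
#define CAP_SYS_ADMIN_BIT 21

/* Constructed /proc/PID/status excerpts (not captured from real processes). */
const char *SAMPLE_ROOT_FULL_CAPS =
    "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";
const char *SAMPLE_UID0_CAPS_DROPPED =       /* uid 0, but like a hardened syslogd */
    "Name:\tsyslogd\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n";
const char *SAMPLE_UNPRIV_WITH_SYS_ADMIN =   /* non-root, only CAP_SYS_ADMIN */
    "Name:\tagent\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000200000\n";
const char *SAMPLE_NO_CAPEFF = "Name:\tbroken\nUid:\t0\t0\t0\t0\n";

/* Return a pointer to the value after "Key:" at the start of a line, or NULL. */
static const char *find_status_field(const char *text, const char *key) {
    size_t klen = strlen(key);
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, key, klen) == 0)
            return line + klen;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* Parse the effective capability mask. Returns 0 on success, -1 if missing. */
int parse_cap_eff(const char *status_text, uint64_t *cap_eff) {
    const char *v = find_status_field(status_text, "CapEff:");
    if (!v) return -1;
    char *end;
    errno = 0;
    unsigned long long mask = strtoull(v, &end, 16);   /* skips the leading tab */
    if (errno != 0 || end == v) return -1;
    *cap_eff = (uint64_t)mask;
    return 0;
}

/* Real uid: first of the four "Uid:" columns. Returns -1 if missing. */
long status_real_uid(const char *status_text) {
    const char *v = find_status_field(status_text, "Uid:");
    if (!v) return -1;
    char *end;
    errno = 0;
    long uid = strtol(v, &end, 10);
    if (errno != 0 || end == v) return -1;
    return uid;
}

bool has_cap_sys_admin(uint64_t cap_eff) {
    return ((cap_eff >> CAP_SYS_ADMIN_BIT) & 1ULL) != 0;
}

/* 1 if CAP_SYS_ADMIN is in the effective set, 0 if not, -1 if no CapEff: line. */
int status_has_cap_sys_admin(const char *status_text) {
    uint64_t caps;
    if (parse_cap_eff(status_text, &caps) != 0) return -1;
    return has_cap_sys_admin(caps) ? 1 : 0;
}

/* The racy lookup the comment describes: read /proc/PID/status for a peer pid.
 * The pid may already belong to a different process by the time the answer
 * is used, and the peer may have changed its capabilities in the meantime. */
int peer_has_cap_sys_admin_racy(pid_t pid) {
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return status_has_cap_sys_admin(buf);
}

int main(void) {
    /* Show that uid 0 and CAP_SYS_ADMIN are independent on the constructed samples. */
    printf("root, full caps:   uid=%ld sys_admin=%d\n",
           status_real_uid(SAMPLE_ROOT_FULL_CAPS), status_has_cap_sys_admin(SAMPLE_ROOT_FULL_CAPS));
    printf("uid 0, caps dropped: uid=%ld sys_admin=%d\n",
           status_real_uid(SAMPLE_UID0_CAPS_DROPPED), status_has_cap_sys_admin(SAMPLE_UID0_CAPS_DROPPED));
    printf("uid 1000, CAP_SYS_ADMIN only: uid=%ld sys_admin=%d\n",
           status_real_uid(SAMPLE_UNPRIV_WITH_SYS_ADMIN), status_has_cap_sys_admin(SAMPLE_UNPRIV_WITH_SYS_ADMIN));
#ifdef __linux__
    /* Only meaningful on Linux; reading our own pid avoids the pid-reuse race. */
    printf("this process (via /proc): sys_admin=%d\n", peer_has_cap_sys_admin_racy(getpid()));
#endif
    return 0;
}
```

The samples make the bug's point concrete: the dropped-capability syslogd is uid 0 yet has no CAP_SYS_ADMIN, while the uid-1000 process does, so a check keyed on uid 0 alone and a check keyed on CAP_SYS_ADMIN give different answers for both.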
Comment 2 GitLab Migration User 2018-08-20 21:36:02 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/polkit/polkit/issues/33.
