Polkit currently authorizes uid 0 for anything, which is suboptimal for operating system creators who have done work to drop Linux capabilities from processes, even if they retain uid 0 (like syslogd say). Not a big deal, but worth fixing.
(In reply to Colin Walters from comment #0) > Polkit currently authorizes uid 0 for anything, which is suboptimal If it's determining that the uid is 0 by asking dbus-daemon, then this cannot be fixed without kdbus or similar, because: * dbus-daemon has no way to ask what a peer's capabilities look like; * the reason that it lacks that feature is that the Linux kernel offers no race-free way to ask what a Unix socket peer's capabilities look like (The way that has a race, which is unsuitable for exactly that reason, is to get the peer's pid and look in /proc/PID/status.)
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/polkit/polkit/issues/33.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.