documentation on polkit-agent-helper-1 and suid

Simon McVittie simon.mcvittie at collabora.co.uk
Fri Oct 21 17:10:11 UTC 2016


On Fri, 2016-10-21 at 13:40 +0200, Alad Wenter wrote:
> While looking at suid files on my system I noticed that
> /usr/lib/polkit-1/polkit-agent-helper-1 is suid root, and I was
> curious on the reasoning beyond this.

The agent's job is to tell the polkit daemon "yes, this is definitely
Alad, and not someone else who has sat down at Alad's computer". This
means it wants to be uid 0 for two reasons:

* to be able to run the PAM stack to check your password, one-time
  key, fingerprint or whatever other credentials against system
  authentication services

* to be able to send that message to the polkit daemon, and give the
  polkit daemon a reason to believe it (that reason being "it came
  from uid 0")

Regards,
    S


