Add new flag to check root user too in CheckAuthorization (#452)
Currently if the subject has uid 0 a shortcut is taken and authorization is immediately granted, without checking against policies and rules. Add a flag that allows skipping this shortcut. uid 0 can of course alter polkit's behaviour directly, so this is not so much a security feature, but more useful as a safety feature, so that when an action is disabled it cannot be accidentally performed by root, unless they really mean it and bypass polkit.
Changed files:
- data/org.freedesktop.PolicyKit1.Authority.xml (3 additions, 0 deletions)
- docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml (10 additions, 1 deletion)
- src/polkit/polkitcheckauthorizationflags.h (2 additions, 0 deletions)
- src/polkitbackend/polkitbackendinteractiveauthority.c (1 addition, 1 deletion)