anybody know of a #polkit authentication agent that lets you use a numpad like the #phosh passcode entry screen?

Perfctl: una minaccia silenziosa ai server Linux

https://gomoot.com/perfctl-una-minaccia-silenziosa-ai-server-linux

TIL that #polkit rules are JavaScript and wtf?

Okay, what is the modern way to request a password or secret from the user in this day and age?

Pinentry and ssh-askpass is no go and I can't quite grok the dbus secret service from the polkit auth?

Herunterfahren und Neustart unter Ubuntu 22.04 deaktivieren:

Mit nur zwei Befehlen verhinderst du effektiv, dass Remote-Benutzer:innen einen virtuellen PC mit Ubuntu 22.04.4 LTS neu starten oder herunterfahren können.

https://andersgood.de/kurz-notiert/herunterfahren-und-neustart-unter-ubuntu-22-04-deaktivieren

KDE6 release: D-Bus and Polkit Galore: https://security.opensuse.org/2024/04/02/kde6-dbus-polkit.html #linux #update #foss #release #kde6 #dbus #polkit

First blog post of 2024! Group based Permissions using polkit

A quick real world example of how to customize polkit.

Dark variant of the polkit website banner.

Polkit illustration.

Broken Authorization Bug Found By SUSE Linux In Mozilla VPN Client Could Have Possibly Allowed Local Users To Manipulate Traffic

#Infosec #News #cybersecurity #VPN #Mozilla #security #privacy #routing #Linux #Polkit #SUSE #FOSS

https://www.theregister.com/2023/08/04/mozilla_vpn_linux_flaw

Do any #GNOME folx know why polkit-gnome https://gitlab.gnome.org/Archive/policykit-gnome got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

#pidfds in #polkit!
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/154

Sweet! Great work by @bluca

Rooted another OSCP machine this morning. There is no other exploit that has been more widespread and easy to leverage than pwnkit (CVE-2021-4034). I've simply lost count of the the number of machines I've been able to use this on to get root access from a low-privilege account. For people who do this kind of stuff, this post is a cold take, but I just wanted to come here and state the obvious. #OSCP #pwnkit #polkit #CVE-2021-4034 #Linux #pkexec #setuid

From the Ubuntu website: "A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."

One thing that I think we've lost over the last 20 years is "audio cues" #linux #foss #kde #gnome #opensource -- the desktop used to give a lot more audio feedback as to the events & status of events.

Empty the recycle bin? It had s simple audio cue play

Copy a folder? You have a audio cue to communicate success.

New email? Cue AOL charming & cringy "You've got mail.wav"

OS Startup? You feel like you are getting excited to get something done withe Windows XP - 7 and early 2000s Ubuntu startup sounds.

I think this principle could be taken so much farther -- perform a #rsync Why not have a audio cue for both Success.ogg and Failure.ogg -- or what about #polkit password verification, you are multi tasking on the phone or doing something in your office -- having a cue to redirect your attention to that you need to enter a password would be helpful.

Same thing goes for #pacman #yay and #paru in #archlinux

There are times you are compiling a program and it needs extra privileges to install but you don't notice it -- it would make a huge difference if we had a hook system and could Enable/Disable audio cues & notifications -- that would be a huge improvement.

I could really see this also bringing a lot of value in #linuxphone space, with #ubuntutouch #postmarketos #sxmo and others.

Its really hard to know what your missing when its been so long since you had it.

Plug in a USB Flash Drive? Audio Cue

Connect / Disconnect your phone to your computer? Audio Cue

Remote SSH Connection logs into your machine? Notification & Audio Cue.

With the right sound packs there is so much room for improvement -- #steamdeck #steamos v3 does a good job with this too giving subtle cues as you navigate the UX, startup, shutdown, etc...

Bah #polkit ist ja nette Idee aber auch irgendwie scheiße umgesetzt oder ich stelle mich nur zum blöd an.

#CISA warns of #hackers exploiting #PwnKit #Linux #vulnerability

https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-pwnkit-linux-vulnerability/

To check, whether or not, your #RPM based distro is patched, try:
rpm -q --changelog polkit | grep -i cve

Does anyone have a nice and simple example of a #python script that involves #policykit / #polkit to ultimately write a file to a root-owned directory?

Linux system service bug gives root on all major distros, exploit released

#polkit #pwnkit #exploit

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/