|
|
Subscribe / Log in / New account

What about SSH?

What about SSH?

Posted Feb 21, 2024 22:54 UTC (Wed) by smcv (subscriber, #53363)
In reply to: What about SSH? by ronja
Parent article: Sudo and its alternatives

Yes, polkit is more authorization framework than privilege-elevation tool.

polkit does have its own sudo-like tool, pkexec, which I personally think is a more concerning attack surface than polkit itself (because it's setuid root and therefore needs to distrust its execution environment, just like sudo, doas and everything similar). In recent Debian/Ubuntu, pkexec is packaged separately, so that it doesn't need to be installed on every system that has polkitd.

to post comments

What about SSH?

Posted Feb 22, 2024 10:52 UTC (Thu) by lobachevsky (subscriber, #121871) [Link]

Thanks for mentioning this! I hadn't noticed that polkit had been split so nicely. Now I can get rid of pkexec while keeping polkitd around.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds