I just found out how polkit is implemented and I'm horrified
you have a GUI running as a regular user that asks for your password and then gives it to the linked helper SUID binary
and this binary then checks it and sends a message to the polkit daemon that you entered the correct password
(technically it's more complicated because PAM)
I thought this was in the daemon, why is it in a SUID binary???
https://github.com/polkit-org/polkit/blob/main/src/polkitagent/polkitagenthelper-pam.c
Tóth Gábor Baltazár /
npub1n3…2s4gq
2025-02-17 20:15:03
Author Public Key
npub1n3w0dujvls8z3eyvv6zjdssqx3c54xeptxdzxf9ashqq6pckftgqv2s4gqPublished at
2025-02-17 20:15:03Event JSON
{
"id": "51aeb6f47d519fdbd67b5cee2bbc9e61235d30474a405f35ff548b01c309a609",
"pubkey": "9c5cf6f24cfc0e28e48c668526c20034714a9b21599a2324bd85c00d07164ad0",
"created_at": 1739823303,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/users/tthbaltazar/statuses/114021060047339458",
"activitypub"
]
],
"content": "I just found out how polkit is implemented and I'm horrified\n\nyou have a GUI running as a regular user that asks for your password and then gives it to the linked helper SUID binary\n\nand this binary then checks it and sends a message to the polkit daemon that you entered the correct password\n\n(technically it's more complicated because PAM)\n\nI thought this was in the daemon, why is it in a SUID binary???\n\nhttps://github.com/polkit-org/polkit/blob/main/src/polkitagent/polkitagenthelper-pam.c",
"sig": "2951482391378e084f622acf305dfabff924ccf6cbd37978855ed2b803b0aa4b547ab02b62c4384aaec0b25a6a34c2fe232adc70275c1b5c5ed7f255d499b908"
}