Tóth Gábor Baltazár on Nostr: I just found out how polkit is implemented and I'm horrified you have a GUI running ...
I just found out how polkit is implemented and I'm horrified
you have a GUI running as a regular user that asks for your password and then gives it to the linked helper SUID binary
and this binary then checks it and sends a message to the polkit daemon that you entered the correct password
(technically it's more complicated because PAM)
I thought this was in the daemon, why is it in a SUID binary???
https://github.com/polkit-org/polkit/blob/main/src/polkitagent/polkitagenthelper-pam.c
you have a GUI running as a regular user that asks for your password and then gives it to the linked helper SUID binary
and this binary then checks it and sends a message to the polkit daemon that you entered the correct password
(technically it's more complicated because PAM)
I thought this was in the daemon, why is it in a SUID binary???
https://github.com/polkit-org/polkit/blob/main/src/polkitagent/polkitagenthelper-pam.c