Error: org.freedesktop.NetworkManager.wifi.scan request failed: not authorized.
This one is quickly eating away my resolve to set up my own Raspberry Pi based astrophotography control computer from scratch...
#linux #polkit #networkmanager #ubuntu
#TechAdviceNeeded
allow specific user mount specific partition
#techadviceneeded #udisks #udisksctl #fstab #linux #archlinux #polkit
I've raised an issue for #linux #polkit to ask about granular `pkexec` allow-lists: https://gitlab.freedesktop.org/polkit/polkit/-/issues/197
polkit allows me to match based on the first argument, but not any further arguments, which means I can't allow-list certain safe `pkexec` invocations without also allow-listing dangerous ones (my example is `pkexec btrfs foo` where "foo" alone is not enough to isolate safe invocations)
Am I thinking about this the wrong way? I did try to achieve this with a #sudo configuration but its matching system is filled with foot-guns
is there a simple way to just have a terminal-based polkit authentication agent instead of using a GUI like `polkit-gnome-authentication-agent-1` ?
#pidfds in #polkit!
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/154
Sweet! Great work by @bluca
I am trying to daily drive my #oneplus6t as much as possible with #postmarketos, which is running #phosh, as much as possible. I am an avid note taker, and I am missing a sync note app that has encryption by default. That will be my next project as soon as I can figure out #polkit.
I am writing a simple wireguard ui for my mobile linux device using gtk4. Part of the app randomly picks a wireguard config from /etc/wireguard. That directory is protected from access and requires root privileges. I am trying to figure out how to use polkit in rust. I could use some help.
@c0nsid3rate I've taken and failed OSCP 4 times (number 5 coming in January!). I think I used #polkit to privesc in number 2.
Rooted another OSCP machine this morning. There is no other exploit that has been more widespread and easy to leverage than pwnkit (CVE-2021-4034). I've simply lost count of the number of machines I've been able to use this on to get root access from a low-privilege account. For people who do this kind of stuff, this post is a cold take, but I just wanted to come here and state the obvious. #OSCP #pwnkit #polkit #CVE-2021-4034 #Linux #pkexec #setuid
From the Ubuntu website: "A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
One thing that I think we've lost over the last 20 years is "audio cues" #linux #foss #kde #gnome #opensource -- the desktop used to give a lot more audio feedback as to the events & status of events.
Empty the recycle bin? It had a simple audio cue play
Copy a folder? You have an audio cue to communicate success.
New email? Cue AOL charming & cringy "You've got mail.wav"
OS Startup? You feel like you are getting excited to get something done with the Windows XP - 7 and early 2000s Ubuntu startup sounds.
I think this principle could be taken so much farther -- perform a #rsync Why not have an audio cue for both Success.ogg and Failure.ogg -- or what about #polkit password verification, you are multi tasking on the phone or doing something in your office -- having a cue to redirect your attention to that you need to enter a password would be helpful.
Same thing goes for #pacman #yay and #paru in #archlinux
There are times you are compiling a program and it needs extra privileges to install but you don't notice it -- it would make a huge difference if we had a hook system and could Enable/Disable audio cues & notifications -- that would be a huge improvement.
I could really see this also bringing a lot of value in #linuxphone space, with #ubuntutouch #postmarketos #sxmo and others.
It's really hard to know what you're missing when it's been so long since you had it.
Plug in a USB Flash Drive? Audio Cue
Connect / Disconnect your phone to your computer? Audio Cue
Remote SSH Connection logs into your machine? Notification & Audio Cue.
With the right sound packs there is so much room for improvement -- #steamdeck #steamos v3 does a good job with this too giving subtle cues as you navigate the UX, startup, shutdown, etc...
#CISA warns of #hackers exploiting #PwnKit #Linux #vulnerability
To check whether or not your #RPM based distro is patched, try:
`rpm -q --changelog polkit | grep -i cve`
#cisa #hackers #pwnkit #linux #vulnerability #rpm #cve #CVE20214034 #polkit #security #cybersecurity
Does anyone have a nice and simple example of a #python script that involves #policykit / #polkit to ultimately write a file to a root-owned directory?
See above toot for the demo video using the local root #exploit for #Polkit/#pkexec as an example in an intro talk on #linux #permissions/#privileges.
Learn more on the vulnerability behind it here:
#polkit #Exploit #Security #infosec #Cybersecurity #FOSS #News
https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/
Security vulnerability caused by #Polkit #linux https://www.heise.de/news/Root-Zugriff-unter-Linux-durch-Polkit-Luecke-6338569.html
Demo: #Linux #polkit local #root #exploit on video + using it as jump point for this Beginner Linux Intro to user/group #permissions/#privileges.
#News #Infosec #Cybersecurity #Tutorial
Watch on #Peertube: https://tube.tchncs.de/w/mjhg1zVSir7qEEYwG3vwmt
#Odysee: https://odysee.com/@RTP:9/beginner-intro-linux-permissions:8
#linux #root #news #infosec #cybersecurity #peertube #Odysee #polkit #exploit #permissions #tutorial #bitchute
Zero-day exploit: PwnKit vulnerability allows root privileges on Linux https://www.computerbase.de/2022-01/zero-day-exploit-pwnkit-schwachstelle-erlaubt-root-rechte-unter-linux/ #PwnKit #Polkit #Linux #OpenSource
In November 2021 they found a vulnerability in #polkit, a component also used by #Linux. Through this vulnerability a malicious user could execute arbitrary code with root privileges. It seems that there is a patch as of today
https://www.securityweek.com/polkit-vulnerability-provides-root-privileges-linux-systems