Age | Commit message | Author | Files | Lines
2024-01-18 | Migration notice [HEAD, master] | Jan Rybar | 1 | -88/+7
2024-01-17 | post-124-release bump | Jan Rybar | 1 | -1/+1
2024-01-17 | Release 124 | Jan Rybar | 1 | -0/+40
2024-01-17 | Move vendored PAM configuration from /etc | Jan Rybar | 1 | -2/+3
2023-12-21 | Enforce that calling CheckAuthorization() with pidfd also is passed a uid | Luca Boccassi | 3 | -2/+11
When unix-process is used and a uid is not passed, it will be derived from the running process. But this is racy, as the identity can change over time (e.g.: setuid binaries can be exec'ed). If the caller can securely fetch the pidfd of a process (e.g.: via SO_PEERPIDFD), then it can also securely fetch the uid (e.g.: via SO_PEERCRED), so enforce that they are passed together to avoid possible races, in case a polkit rule performs authorization based on the uid. Follow-up for 374a628038474a45f
2023-12-14 | Add pidfd parameter to CheckAuthorization() | Luca Boccassi | 5 | -25/+65
2023-11-29 | Update Russian translation | Aleksandr Melman | 1 | -7/+7
2023-11-29 | Add sysusers file | Zbigniew Jędrzejewski-Szmek | 5 | -2/+23
2023-11-02 | mozjs: apply user_of_subject fix as well | Luca Boccassi | 1 | -9/+12
Same fix is needed as in the duktape case. Follow-up for 89b7a37b91
2023-11-02 | Update German translation | Christian K | 1 | -12/+14
2023-11-02 | unit: drop IPAddressDeny=any | Luca Boccassi | 1 | -1/+0
It is not useful, as only AF_UNIX sockets are permitted anyway, and a network namespace is used. It requires loading a BPF program which might not work everywhere.
2023-10-30 | polkit_system_bus_name_get_creds_sync: unref fdlist | Luca Boccassi | 1 | -1/+3
The fd_list object is owned by the caller and has to be freed. Follow-up for a23d9ce375dcbc64aade92f3e082182b993c1169
2023-10-04 | data: Add rulesdir variable | Ray Strode | 1 | -0/+1
The polkit-gobject-1.pc file currently doesn't offer a variable where polkit rules can be installed. This commit fixes that.
2023-10-04 | jsauthority: Bump mozjs to 115 | Xi Ruoyao | 1 | -1/+1
No code change is needed!
2023-10-04 | Unit hardening option is missing from intended original commit | Jan Rybar | 1 | -1/+1
2023-10-03 | meson.build: only run HAVE_SETNETGRENT_RETURN check if setnetgrent found | Sam James | 1 | -12/+14
2023-10-03 | New file introduced in Fedora downstream broke Packit CI | Jan Rybar | 1 | -0/+1
2023-10-03 | user_of_subject is NULL if DBus provides groups | Jan Rybar | 1 | -9/+12
2023-09-12 | Update Czech translation | AsciiWolf | 1 | -40/+47
2023-08-17 | jsauthority: add 'system_unit' and 'no_new_privileges' subject attributes | Luca Boccassi | 9 | -5/+284
When building with libsystemd support, query the systemd unit name that the process is part of (if any) and add it as a subject attribute. Allows allow-listing actions based on the systemd unit:

    polkit.addRule(function(action, subject) {
        if (action.id.indexOf("org.foo.bar") == 0) {
            if (subject.system_unit == "test.service" && subject.no_new_privileges) {
                return polkit.Result.YES;
            }
        }
    });

We call it system_unit instead of just unit to make it extra clear that this is about system units, rather than user units. If we ran as root we could also query for the user unit, but we are running as the polkitd user in most cases which means we cannot connect to other D-Bus sessions to perform the query.

We only do this if we can pin the subject process by PIDFD, as that's safer; PIDs can be recycled. Skip if not possible because the D-Bus daemon and/or systemd are too old and do not support the functionality.

Also we check for the NoNewPrivileges= being set, so that we can ensure that the unit cannot alter its uid via a setuid binary. But let this last part be decided by policy, as a system builder might simply ensure that no setuid binaries are shipped at all, which is equivalent.

This requires dbus-broker v34 or dbus-daemon v15.7 and systemd v253 and kernel v6.5.
2023-08-17 | jsauthority: parse groups from GetConnectionCredentials() if available | Luca Boccassi | 5 | -63/+293
D-Bus will give us supplementary groups too, using SO_PEERSEC which is secure and safe against races, so prefer that to parsing the group from the uid. This is available when using dbus-broker. Fixes https://gitlab.freedesktop.org/polkit/polkit/-/issues/165
2023-08-17 | polkitd: use PIDFDs if available to track processes | Luca Boccassi | 7 | -45/+386
PIDs can be recycled, so when possible it is best to try and use PIDFDs, which are pinned. Change polkitd's unixprocess class so that, if the PIDFD syscall is available, it does not store a PID but only the PIDFD, and gets the PID when required on the fly (which will intentionally fail if the process has disappeared, so that we avoid recycling races). In the future we will be able to get the PIDFD directly from D-Bus' GetConnectionCredentials() call, but for now get the FD from the PID. It does not completely close the window, but makes things significantly better already.
2023-08-16 | Update Swedish translation | Anders Jonsson | 1 | -4/+4
2023-08-16 | pkexec: fix uninitialized pointer warning | Vincent Mihalkovic | 1 | -1/+2
2023-08-08 | Update Turkish translation | Sabri Ünal | 1 | -42/+48
2023-08-08 | po: Update Georgian translation | NorwayFun | 1 | -28/+36
2023-08-02 | Update file README.md | Jan Rybar | 1 | -0/+5
2023-07-30 | jsauthority: mozjs: Disable JIT | Xi Ruoyao | 1 | -1/+10
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening setting does not allow it. For polkit, security is much more important than the speed of running JavaScript code in rule files, so we should disable JIT. Fixes #199.
2023-07-28 | Update file meson.build | Jan Rybar | 1 | -1/+1
2023-07-28 | Release 123 [123] | Jan Rybar | 1 | -0/+44
2023-07-28 | Official mailing list address is missing in README | Jan Rybar | 1 | -0/+3
2023-07-16 | Update Polish translation | Piotr Drąg | 1 | -4/+4
2023-06-20 | pkcheck: fix a difference between the manual page and the `--help|-h` output | Vincent Mihalkovic | 2 | -12/+12
2023-05-24 | Harden systemd service | Jan Rybar | 1 | -0/+27
2023-05-24 | duktape: prevent wrongful termination of runaway thread | Laurent Gauthier | 1 | -0/+39
2023-04-25 | unixgroup: Fix return annotation, so that is really nullable | Marco Trevisan | 1 | -1/+1
2023-04-25 | Add out param GI annotation to polkit_implicit_authorization_from_string | Val Packett | 1 | -0/+5
2023-04-12 | Add Russian translation | Aleksandr Melman | 1 | -0/+217
2023-04-12 | Update LINGUAS | Aleksandr Melman | 1 | -0/+1
2023-04-11 | docs, build: replace the mailman url with the gitlab/issues url | Vincent Mihalkovic | 8 | -8/+8
2023-04-05 | polkitagentsession: Fix the tautological check for add_newline | Vincent Mihalkovic | 1 | -1/+1
2023-04-05 | systemd: set User/Group and don't change uid/gid if already set | Luca Boccassi | 3 | -3/+12
2023-04-03 | Ownership of custom rules changed to increase security | Jan Rybar | 1 | -6/+6
2023-03-21 | Update Swedish translation | Anders Jonsson | 1 | -14/+17
2023-03-21 | Stop installing /usr/share/polkit-1/rules.d as 700/polkitd | Luca Boccassi | 2 | -19/+13
2023-03-21 | The templates are not chosen by default in the web UI. | Jan Rybar | 2 | -0/+0
2023-03-18 | Update Polish translation | Piotr Drąg | 1 | -10/+11
2023-03-15 | Gitlab templates | Jan Rybar | 2 | -0/+24
2023-03-15 | pkexec: improve pkexec authentication message | Vincent Mihalkovic | 1 | -2/+11
2023-03-15 | Mitigate the change in pipeline restriction (runners misused by miners) | Jan Rybar | 1 | -0/+7
https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/438