Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2024-01-18 | Migration notice (HEAD, master) | Jan Rybar | 1 | -88/+7 | |
2024-01-17 | post-124-release bump | Jan Rybar | 1 | -1/+1 | |
2024-01-17 | Release 124 | Jan Rybar | 1 | -0/+40 | |
2024-01-17 | Move vendored PAM configuration from /etc | Jan Rybar | 1 | -2/+3 | |
2023-12-21 | Enforce that calling CheckAuthorization() with pidfd also is passed a uid | Luca Boccassi | 3 | -2/+11 | |
When unix-process is used and a uid is not passed, it will be derived from the running process. But this is racy, as the identity can change over time (e.g.: setuid binaries can be exec'ed). If the caller can securely fetch the pidfd of a process (e.g.: via SO_PEERPIDFD), then it can also securely fetch the uid (e.g.: via SO_PEERCRED), so enforce that they are passed together to avoid possible races, in case a polkit rule performs authorization based on the uid. Follow-up for 374a628038474a45f | |||||
2023-12-14 | Add pidfd parameter to CheckAuthorization() | Luca Boccassi | 5 | -25/+65 | |
2023-11-29 | Update Russian translation | Aleksandr Melman | 1 | -7/+7 | |
2023-11-29 | Add sysusers file | Zbigniew Jędrzejewski-Szmek | 5 | -2/+23 | |
2023-11-02 | mozjs: apply user_of_subject fix as well | Luca Boccassi | 1 | -9/+12 | |
Same fix is needed as in the duktape case. Follow-up for 89b7a37b91 | |||||
2023-11-02 | Update German translation | Christian K | 1 | -12/+14 | |
2023-11-02 | unit: drop IPAddressDeny=any | Luca Boccassi | 1 | -1/+0 | |
It is not useful, as only AF_UNIX sockets are permitted anyway, and a network namespace is used. It requires loading a BPF program which might not work everywhere. | |||||
2023-10-30 | polkit_system_bus_name_get_creds_sync: unref fdlist | Luca Boccassi | 1 | -1/+3 | |
The fd_list object is owned by the caller and has to be freed. Follow-up for a23d9ce375dcbc64aade92f3e082182b993c1169 | |||||
2023-10-04 | data: Add rulesdir variable | Ray Strode | 1 | -0/+1 | |
The polkit-gobject-1.pc file currently doesn't offer a variable where polkit rules can be installed. This commit fixes that. | |||||
2023-10-04 | jsauthority: Bump mozjs to 115 | Xi Ruoyao | 1 | -1/+1 | |
No code change is needed! | |||||
2023-10-04 | Unit hardening option is missing from intended original commit | Jan Rybar | 1 | -1/+1 | |
2023-10-03 | meson.build: only run HAVE_SETNETGRENT_RETURN check if setnetgrent found | Sam James | 1 | -12/+14 | |
2023-10-03 | New file introduced in Fedora downstream broke Packit CI | Jan Rybar | 1 | -0/+1 | |
2023-10-03 | user_of_subject is NULL if DBus provides groups | Jan Rybar | 1 | -9/+12 | |
2023-09-12 | Update Czech translation | AsciiWolf | 1 | -40/+47 | |
2023-08-17 | jsauthority: add 'system_unit' and 'no_new_privileges' subject attributes | Luca Boccassi | 9 | -5/+284 | |
When building with libsystemd support, query the systemd unit name that the process is part of (if any) and add it as a subject attribute. Allows allow-listing actions based on the systemd unit: `polkit.addRule(function(action, subject) { if (action.id.indexOf("org.foo.bar") == 0) { if (subject.system_unit == "test.service" && subject.no_new_privileges) { return polkit.Result.YES; } } });` We call it system_unit instead of just unit to make it extra clear that this is about system units, rather than user units. If we ran as root we could also query for the user unit, but we are running as the polkitd user in most cases which means we cannot connect to other D-Bus sessions to perform the query. We only do this if we can pin the subject process by PIDFD, as that's safer: PIDs can be recycled. Skip if not possible because the D-Bus daemon and/or systemd are too old and do not support the functionality. Also we check for the NoNewPrivileges= being set, so that we can ensure that the unit cannot alter its uid via a setuid binary. But let this last part be decided by policy, as a system builder might simply ensure that no setuid binaries are shipped at all, which is equivalent. This requires dbus-broker v34 or dbus-daemon v15.7 and systemd v253 and kernel v6.5. | |||||
2023-08-17 | jsauthority: parse groups from GetConnectionCredentials() if available | Luca Boccassi | 5 | -63/+293 | |
D-Bus will give us supplementary groups too, using SO_PEERSEC which is secure and safe against races, so prefer that to parsing the group from the uid. This is available when using dbus-broker. Fixes https://gitlab.freedesktop.org/polkit/polkit/-/issues/165 | |||||
2023-08-17 | polkitd: use PIDFDs if available to track processes | Luca Boccassi | 7 | -45/+386 | |
PIDs can be recycled, so when possible it is best to try and use PIDFDs, which are pinned. Change polkitd's unixprocess class so that, if the PIDFD syscall is available, it does not store a PID but only the PIDFD, and gets the PID when required on the fly (which will intentionally fail if the process has disappeared, so that we avoid recycling races). In the future we will be able to get the PIDFD directly from D-Bus' GetConnectionCredentials() call, but for now get the FD from the PID. It does not completely close the window, but makes things significantly better already. | |||||
2023-08-16 | Update Swedish translation | Anders Jonsson | 1 | -4/+4 | |
2023-08-16 | pkexec: fix uninitialized pointer warning | Vincent Mihalkovic | 1 | -1/+2 | |
2023-08-08 | Update Turkish translation | Sabri Ünal | 1 | -42/+48 | |
2023-08-08 | po: Update Georgian translation | NorwayFun | 1 | -28/+36 | |
2023-08-02 | Update file README.md | Jan Rybar | 1 | -0/+5 | |
2023-07-30 | jsauthority: mozjs: Disable JIT | Xi Ruoyao | 1 | -1/+10 | |
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening setting does not allow it. For polkit, security is much more important than the speed of running JavaScript code in rule files, so we should disable JIT. Fixes #199. | |||||
2023-07-28 | Update file meson.build | Jan Rybar | 1 | -1/+1 | |
2023-07-28 | Release 123 (tag: 123) | Jan Rybar | 1 | -0/+44 | |
2023-07-28 | Official mailing list address is missing in README | Jan Rybar | 1 | -0/+3 | |
2023-07-16 | Update Polish translation | Piotr Drąg | 1 | -4/+4 | |
2023-06-20 | pkcheck: fix a difference between the manual page and the `--help|-h` output | Vincent Mihalkovic | 2 | -12/+12 | |
2023-05-24 | Harden systemd service | Jan Rybar | 1 | -0/+27 | |
2023-05-24 | duktape: prevent wrongful termination of runaway thread | Laurent Gauthier | 1 | -0/+39 | |
2023-04-25 | unixgroup: Fix return annotation, so that it is really nullable | Marco Trevisan | 1 | -1/+1 | |
2023-04-25 | Add out param GI annotation to polkit_implicit_authorization_from_string | Val Packett | 1 | -0/+5 | |
2023-04-12 | Add Russian translation | Aleksandr Melman | 1 | -0/+217 | |
2023-04-12 | Update LINGUAS | Aleksandr Melman | 1 | -0/+1 | |
2023-04-11 | docs, build: replace the mailman url with the gitlab/issues url | Vincent Mihalkovic | 8 | -8/+8 | |
2023-04-05 | polkitagentsession: Fix the tautological check for add_newline | Vincent Mihalkovic | 1 | -1/+1 | |
2023-04-05 | systemd: set User/Group and don't change uid/gid if already set | Luca Boccassi | 3 | -3/+12 | |
2023-04-03 | Ownership of custom rules changed to increase security | Jan Rybar | 1 | -6/+6 | |
2023-03-21 | Update Swedish translation | Anders Jonsson | 1 | -14/+17 | |
2023-03-21 | Stop installing /usr/share/polkit-1/rules.d as 700/polkitd | Luca Boccassi | 2 | -19/+13 | |
2023-03-21 | The templates are not chosen by default in the web UI. | Jan Rybar | 2 | -0/+0 | |
2023-03-18 | Update Polish translation | Piotr Drąg | 1 | -10/+11 | |
2023-03-15 | Gitlab templates | Jan Rybar | 2 | -0/+24 | |
2023-03-15 | pkexec: improve pkexec authentication message | Vincent Mihalkovic | 1 | -2/+11 | |
2023-03-15 | Mitigate the change in pipeline restriction (runners misused by miners) | Jan Rybar | 1 | -0/+7 | |
https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/438 |