These are public posts tagged with #polkit. You can interact with them if you have an account anywhere in the fediverse.
Perfctl: a silent threat to Linux servers
https://gomoot.com/perfctl-una-minaccia-silenziosa-ai-server-linux
#aqua #aquasecteam #blog #cve #linux #malware #news #picks #polkit #rocketmq #server #sicurezza #stealth #tech #tecnologia
Security alert for Linux servers: Perfctl, the malware…
Gomoot: technology and lifestyle. Discover the latest news on hardware, technology and more
Disable shutdown and restart on Ubuntu 22.04:
With just two commands, you effectively prevent remote users from restarting or shutting down a virtual PC running Ubuntu 22.04.4 LTS.
https://andersgood.de/kurz-notiert/herunterfahren-und-neustart-unter-ubuntu-22-04-deaktivieren
Looking into #Polkit and #Firewalld for... reasons. Was browsing through the #DBus interface for Firewalld and found this. I immediately had a movie scenario in my head when I read about panic mode.
"Sir, multiple incoming connections. They are entering the mainframe. What do we do?!"
"We don't have a choice. Do it!"
"But Sir..."
"DO IT! ENABLE PANIC MODE, NOW!!"
Anyways, time to dig further into the documentation.
Error: org.freedesktop.NetworkManager.wifi.scan request failed: not authorized.
This one is quickly eating away my resolve to set up my own Raspberry Pi based astrophotography control computer from scratch...
#pidfds in #polkit!
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/154
Sweet! Great work by @bluca
When building with libsystemd support, query the systemd…
gitlab.freedesktop.org
@c0nsid3rate I've taken and failed OSCP 4 times (number 5 coming in January!). I think I used #polkit to privesc in number 2.
Rooted another OSCP machine this morning. There is no other exploit that has been more widespread and easy to leverage than pwnkit (CVE-2021-4034). I've simply lost count of the number of machines I've been able to use this on to get root access from a low-privilege account. For people who do this kind of stuff, this post is a cold take, but I just wanted to come here and state the obvious. #OSCP #pwnkit #polkit #CVE-2021-4034 #Linux #pkexec #setuid
From the Ubuntu website: "A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
One thing that I think we've lost over the last 20 years is "audio cues" #linux #foss #kde #gnome #opensource -- the desktop used to give a lot more audio feedback as to the events & status of events.
Empty the recycle bin? It had a simple audio cue play
Copy a folder? You have an audio cue to communicate success.
New email? Cue AOL charming & cringy "You've got mail.wav"
OS Startup? You feel like you are getting excited to get something done with the Windows XP - 7 and early 2000s Ubuntu startup sounds.
I think this principle could be taken so much farther -- perform a #rsync? Why not have an audio cue for both Success.ogg and Failure.ogg -- or what about #polkit password verification, you are multitasking on the phone or doing something in your office -- having a cue to redirect your attention to that you need to enter a password would be helpful.
Same thing goes for #pacman #yay and #paru in #archlinux
There are times you are compiling a program and it needs extra privileges to install but you don't notice it -- it would make a huge difference if we had a hook system and could Enable/Disable audio cues & notifications -- that would be a huge improvement.
I could really see this also bringing a lot of value in #linuxphone space, with #ubuntutouch #postmarketos #sxmo and others.
It's really hard to know what you're missing when it's been so long since you had it.
Plug in a USB Flash Drive? Audio Cue
Connect / Disconnect your phone to your computer? Audio Cue
Remote SSH Connection logs into your machine? Notification & Audio Cue.
With the right sound packs there is so much room for improvement -- #steamdeck #steamos v3 does a good job with this too giving subtle cues as you navigate the UX, startup, shutdown, etc...
Does anyone have a nice and simple example of a #python script that involves #policykit / #polkit to ultimately write a file to a root-owned directory?
Linux system service bug gives root on all major distros, exploit released
A vulnerability in Polkit's pkexec component identified…
www.bleepingcomputer.com
See above toot for the demo video using the local root #exploit for #Polkit/#pkexec as an example in an intro talk on #linux #permissions/#privileges.
Learn more on the vulnerability behind it here:
#polkit #Exploit #Security #infosec #Cybersecurity #FOSS #News
https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/