Bug 1657021 - Systemd error handling is insufficient when dealing with polkit.
Summary: Systemd error handling is insufficient when dealing with polkit.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: polkit
Version: 7.5
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Polkit Maintainers
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-06 20:53 UTC by Trevor Vaughan
Modified: 2021-03-15 07:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-03-15 07:32:16 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Trevor Vaughan 2018-12-06 20:53:00 UTC 
Description of problem:

Systemd error handling is insufficient when dealing with polkit.


Version-Release number of selected component (if applicable):

219-57.el7_5.3.x86_64

How reproducible:

1. Follow the instructions at https://gitlab.freedesktop.org/polkit/polkit/issues/74

2. Run `virsh connect qemu:///system` as the new user

Actual results:

Unprivileged user has the ability to perform privileged actions with systemd commands. Evaluated 'systemctl' and 'loginctl' and was able to modify system settings without issue.

Expected results:

Systemd will deny access to invalid users attempting to run privileged commands in a manner similar to libvirt.

Libvirt error message: "error: error from service: CheckAuthorization: Unix process subject does not have uid set"
Comment 4 RHEL Program Management 2021-03-15 07:32:16 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Note You need to log in before you can comment on or make changes to this bug.