Miroslav Trmac reported that gksu-polkit ships with an extremely permissive PolicyKit policy configuration file [1]. Because gksu-polkit allows a user to execute a program with administrative privileges, and because the default allow_active setting is "auth_self" rather than "auth_admin", any local user can use gksu-polkit to execute arbitrary programs (like a bash shell) with root privileges. For example:

$ cat foo.sh
#! /bin/bash
id -a # not just gksu-polkit id -a because gksu-polkit tries to interpret the -a

# this prompts for user's password only
$ gksu-polkit /home/user/foo.sh
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0

[1] http://anonscm.debian.org/gitweb/?p=users/kov/gksu-polkit.git;a=blob;f=data/org.gnome.gksu.policy;h=ff0e4187941147d4f6c7ca53ebd1757521337288;hb=HEAD
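
A check for the condition described in this report, as an added example that is not part of the original bug report or of gksu-polkit: it parses PolicyKit .policy files and lists every action whose implicit authorization can be satisfied without administrator authentication. The action ids in the sample are constructed, and treating "yes", "auth_self" and "auth_self_keep" as weak is this example's assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption of this example: any implicit authorization that a user can
# satisfy without an administrator's credentials counts as weak.
WEAK = {"yes", "auth_self", "auth_self_keep"}
SCOPES = ("allow_any", "allow_inactive", "allow_active")

def audit_root(root):
    """Return (action_id, scope, value) for each weak implicit authorization."""
    findings = []
    for action in root.iter("action"):
        defaults = action.find("defaults")
        if defaults is None:
            continue  # no implicit authorizations declared for this action
        for scope in SCOPES:
            value = (defaults.findtext(scope) or "").strip()
            if value in WEAK:
                findings.append((action.get("id"), scope, value))
    return findings

def audit_policy(xml_text):
    """Audit a policy document supplied as a string."""
    return audit_root(ET.fromstring(xml_text))

# Constructed sample: the first action mirrors the setting in the report,
# the second shows the stricter auth_admin value. Ids are hypothetical.
SAMPLE = """<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <action id="org.example.helper.spawn">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="org.example.helper.spawn-admin">
    <defaults><allow_active>auth_admin</allow_active></defaults>
  </action>
</policyconfig>"""

if __name__ == "__main__":
    # Pass .policy file paths as arguments; with none, audit the sample.
    roots = [ET.parse(p).getroot() for p in sys.argv[1:]] or [ET.fromstring(SAMPLE)]
    for root in roots:
        for action_id, scope, value in audit_root(root):
            print(f"{action_id}: {scope}={value}")
```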
Created gksu-polkit tracking bugs for this issue

Affects: fedora-18 [bug 886671]
gksu-polkit-0.0.3-6.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue was not properly fixed; please see bug #987561 (CVE-2013-4161) for details.
gksu-polkit-0.0.3-8.gitf8ce834c.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
gksu-polkit-0.0.3-8.gitf8ce834c.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.