This repository has been archived by the owner on Mar 3, 2023. It is now read-only.
Escalate privileges when writing into a restricted location on Linux #19412
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is used by fs-admin to invoke `pkexec` and escalate privileges to write into restricted locations. Co-Authored-By: Rafael Oleza <rafeca@github.com>
This is a polkit policy that is read when fs-admin invokes `dd` via `pkexec` after trying to write into a restricted location. By specifying `auth_admin_keep`, we are telling the polkit daemon to not prompt users for a password again if they have already escalated privileges recently. Co-Authored-By: Rafael Oleza <rafeca@github.com>
Co-Authored-By: Rafael Oleza <rafeca@github.com>
See 50f73a5 for more details. Co-Authored-By: Rafael Oleza <rafeca@github.com>
This was referenced May 28, 2019
|
I tested this on Ubuntu and Fedora, and Atom now correctly prompts me to escalate privileges when attempting to write to a restricted file. I plan to merge this as soon as we have a green build. |
Merged
6 tasks
@as-cii Thank you for the marvellous job! Is there any ETA for Windows 10? It is a long time we are waiting to be able to escalate privileges. The previous issues signling the problem now are closed, but as far as I know the feature is still not implemented. Shall I open a new issue? |
1 task
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #4115
This pull request upgrades text-buffer to prompt the user for privilege escalation when attempting to write to an unauthorized location on Linux. It takes advantage of Polkit, which has now become a required dependency in the Debian and RPM distributions (1e87055 and 949e53e). Note that distros such as Ubuntu Desktop ship with a version of Polkit already.
The packages distributed from this version onward will also install a
.policyfile (50f73a5 and 3b5eb5d) that takes care of customizing the privilege escalation prompt, as well as retaining admin access todd(the command line utility that we use for flushing in-memory text into a file) for a short period of time.🍐'd with @rafeca