February 10, 2008 · Security ·


Sponsored Link
PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features.

PolicyKit recognizes users and the objects they want to manipulate through a three-part classification (Subject, Action, Object) that is familiar throughout the security field, whether in the Unix “who-permissions-object” model (”group X has write permission to file Y”)

With Alpha 3, PolicyKit integration is gaining visibility in the administrative user interfaces. PolicyKit makes it possible to run administrative applications as a normal user, and have them get a particular set of extra privileges for certain operations, which allows fine grained control over user permissions and enhances usability, as well as eliminating the security implications of running the whole application as root.

This feature is included in Ubuntu hardy heron

Sponsored Link

2 Comments to “Policykit – Gaining visibility in the administrative user interfaces”

  1. Fr33d0m says:

    I don’t understand how software like this can become a part of the default install without end user documentation. I understand the security implications of the project, but it seems stupid to include something like policykit that people will inevitably misuse without documentation to tell them how to use it properly.

  2. Steve says:

    I agree with Fr33d0m. I upgraded to Ubuntu 9.10. The update removed some key parts of policykit without explaining any of the implications. It completely broke my access to my android dev phone via ddms. Where before I got a device ID, now I just get a string of “?”. I can run it as sudo – whatever – doesn’t matter. NOTHING will let me have access. Not even root.

    When security is broken, it’s just not worth having.

Leave a Reply

  • Recent comments