Take a look at the bug. It’s polkit defaulting to 0 if dbus is down for the UID. A terrible but understandable default. It has absolutely nothing to do with the systemd structure other than being a component with a bug.
The quoted statement is not entirely accurate, polkit is compile-time optional in systemd. Though most distributions will use it because it's an enhancement over the even older sudo-type authentication mechanisms.
The versioning scheme of `pkexec` in Debian based Linuxes leaves a little to be desired.. `pkexec --version` in Debian 10 and Ubuntu 20 (server/minimal) both report `0.105` but according to the article it's fine for `0.105-25` (Debian 10) and vulnerable in `0.105-26` (Ubuntu >18).. but you can't find out from the CLI.
The self-reported version from `pkexec` could definitely be clearer. Instead I checked the versions of the installed packages using `dpkg -l | grep -i polkit`. On an up-to-date Ubuntu 20.04 desktop I see `0.105-26ubuntu1.1`.
12 comments
[ 0.24 ms ] story [ 30.2 ms ] threadI can't help imagining a distro developer looking out at systemd across a lava field and saying:
"You were the chosen one! It was said that you would destroy the badly designed legacy components, not join them!"
Systemd requiring polkit is a valid issue.
"Privilege escalation with polkit: Rooting Linux with a 7-year-old bug"