Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Mar 3, 2023. It is now read-only.

Escalate privileges when writing into a restricted location on Linux #19412

Merged
as-cii merged 7 commits into from
May 29, 2019
Merged

Escalate privileges when writing into a restricted location on Linux #19412

as-cii merged 7 commits into from
May 29, 2019

Conversation

@as-cii
Copy link
Contributor

@as-cii as-cii commented May 28, 2019
edited
Loading

Fixes #4115

This pull request upgrades text-buffer to prompt the user for privilege escalation when attempting to write to an unauthorized location on Linux. It takes advantage of Polkit, which has now become a required dependency in the Debian and RPM distributions (1e87055 and 949e53e). Note that distros such as Ubuntu Desktop ship with a version of Polkit already.

The packages distributed from this version onward will also install a .policy file (50f73a5 and 3b5eb5d) that takes care of customizing the privilege escalation prompt, as well as retaining admin access to dd (the command line utility that we use for flushing in-memory text into a file) for a short period of time.

🍐'd with @rafeca

Antonio Scandurra and others added 5 commits May 28, 2019 11:53
@rafeca
Require policykit in debian distribution
1e87055 
This is used by fs-admin to invoke `pkexec` and escalate privileges to
write into restricted locations.

Co-Authored-By: Rafael Oleza <[email protected]>
@rafeca
Add policy to prevent asking password more than once on Debian
50f73a5 
This is a polkit policy that is read when fs-admin invokes `dd` via
`pkexec` after trying to write into a restricted location. By specifying
`auth_admin_keep`, we are telling the polkit daemon to not prompt users
for a password again if they have already escalated privileges recently.

Co-Authored-By: Rafael Oleza <[email protected]>
@rafeca
Require policykit in RPM distribution
949e53e 
Co-Authored-By: Rafael Oleza <[email protected]>
@rafeca
Add policy to prevent asking password more than once on RPM
3b5eb5d 
See 50f73a5 for more details.

Co-Authored-By: Rafael Oleza <[email protected]>
@rafeca
Create folder before copying polkit policy file on redhat
f5926fe
This was referenced May 28, 2019
Merged
Merged
@as-cii as-cii marked this pull request as ready for review May 29, 2019 12:24
@as-cii
Copy link
Contributor Author

as-cii commented May 29, 2019
edited
Loading

I tested this on Ubuntu and Fedora, and Atom now correctly prompts me to escalate privileges when attempting to write to a restricted file. I plan to merge this as soon as we have a green build.

@as-cii as-cii merged commit 88019da into master May 29, 2019
@as-cii as-cii deleted the as-ro/save-restricted-files-on-linux branch May 29, 2019 14:44
@rafeca rafeca mentioned this pull request Jun 12, 2019
Merged
@rafeca rafeca mentioned this pull request Jun 20, 2019
Closed
6 tasks
@jhack-jos
Copy link

jhack-jos commented Nov 20, 2019

I tested this on Ubuntu and Fedora, and Atom now correctly prompts me to escalate privileges when attempting to write to a restricted file. I plan to merge this as soon as we have a green build.

@as-cii Thank you for the marvellous job! Is there any ETA for Windows 10? It is a long time we are waiting to be able to escalate privileges. The previous issues signling the problem now are closed, but as far as I know the feature is still not implemented. Shall I open a new issue?

@woojoo666 woojoo666 mentioned this pull request Sep 5, 2020
Open
1 task
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ask for root password when required

4 participants

@as-cii @jhack-jos @rafeca