Rocksolid Light

groups  faq  privacy  How to post  login


Never give an inch!

rocksolid / de.comp.os.unix.x11 / pkexec?

* pkexec?Ulli Horlacher
`- Re: pkexec?Marco Moock

Subject: pkexec?
From: Ulli Horlacher
Newsgroups: de.comp.os.unix.x11
Organization: University of Stuttgart, FRG
Date: Sat, 2 Mar 2024 20:05 UTC
From: (Ulli Horlacher)
Newsgroups: de.comp.os.unix.x11
Subject: pkexec?
Date: Sat, 2 Mar 2024 20:05:39 +0000 (UTC)
Organization: University of Stuttgart, FRG
Lines: 31
Message-ID: <us00qj$7oj$>
X-Trace: 1709409939 7955 (2 Mar 2024 20:05:39 GMT)
NNTP-Posting-Date: Sat, 2 Mar 2024 20:05:39 +0000 (UTC)
User-Agent: tin/2.6.3-20231224 ("Banff") (Linux/5.15.0-97-generic (x86_64))
View all headers

Ich hab jetzt erst pkexec entdeckt, was so eine Art GUI-sudo ist

Das funktioniert:

framstag@moep:~: cat /usr/bin/synaptic-pkexec
pkexec "/usr/sbin/synaptic" "$@"

Das startet dann synaptic suid root.

Das funktioniert leider nicht:

framstag@moep:~: pkexec xterm
xterm: Xt error: Can't open display: %s
xterm: DISPLAY is not set

framstag@moep:~: pkexec /usr/bin/xfce4-terminal

(xfce4-terminal:14545): Gtk-WARNING **: 21:00:41.641: cannot open display:

Warum nicht?
synaptic ist schliesslich auch ein X11 Programm, das DISPLAY benoetigt?

Ullrich Horlacher Server und Virtualisierung
Rechenzentrum TIK
Universitaet Stuttgart E-Mail:
Allmandring 30a Tel: ++49-711-68565868
70569 Stuttgart (Germany) WWW:

Subject: Re: pkexec?
From: Marco Moock
Newsgroups: de.comp.os.unix.x11
Date: Sat, 2 Mar 2024 20:10 UTC
References: 1
From: (Marco Moock)
Newsgroups: de.comp.os.unix.x11
Subject: Re: pkexec?
Date: Sat, 2 Mar 2024 21:10:15 +0100
Message-ID: <us0137$ribi$>
References: <us00qj$7oj$>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Date: Sat, 2 Mar 2024 20:10:15 -0000 (UTC)
logging-data="903538"; mail-complaints-to=""
Cancel-Lock: sha1:U+9GjUbT55jkthItRhYCGL3jdKM=
X-User-ID: eJwFwYEBgDAIA7CXgNIOz0Em/59gQsg1J0Ull4v8VNVznjZMreBg91by4k2367iMDquNQP4R8hBi
X-Newsreader: Claws Mail 4.2.0 (GTK 3.24.41; x86_64-pc-linux-gnu)
View all headers

Am 02.03.2024 20:05 Uhr schrieb Ulli Horlacher:

> Warum nicht?
> synaptic ist schliesslich auch ein X11 Programm, das DISPLAY
> benoetigt?

Weiß ich nicht, aber die Manpage sagt, dass das so gewollt ist:

The environment that PROGRAM will run it, will be set to a
minimal known and safe environment in order to avoid injecting
code through LD_LIBRARY_PATH or similar mechanisms. In addition
the PKEXEC_UID environment variable is set to the user id of the
process invoking pkexec. As a result, pkexec will not by default
allow you to run X11 applications as another user since the
$DISPLAY and $XAUTHORITY environment variables are not set.
These two variables will be retained if the
org.freedesktop.policykit.exec.allow_gui annotation on an action
is set to a nonempty value; this is discouraged, though, and
should only be used for legacy programs.


Spam und Werbung bitte an

rocksolid / de.comp.os.unix.x11 / pkexec?


rocksolid light 0.9.136
clearnet tor