Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Fedora 37 Looks To Make pkexec Optional For Improved Security
A new change proposal was submitted this past week for splitting Pkexec from the Polkit package and also moving polkit-pkla-compat into its own sub-package too. Thus for Fedora 37 desktop users not needing Pkexec around, it can be avoided.
This move comes after the PwnKit disclosure from January for Pkexec allowing local privilege escalation. The issue can be easily exploited and allows unprivileged users to gain full root privileges.
Pkexec can be used for executing a command as another user but for programs needing root access there is ideally better ways to handle it rather than running the entire program as root.
Fedora's change proposal would make pkexec as an optional sub-package of Polkit. Pkexec isn't needed these days for the correct functionality on most servers and desktops. While there are patches since January to Pkexec, since it's less needed these days the hope is to simply avoid it where possible moving forward.