Fedora 37 Looks To Make pkexec Optional For Improved Security

Written by Michael Larabel in Fedora on 20 February 2022 at 05:17 AM EST. 23 Comments
Following the nasty local privilege escalation vulnerability that was disclosed last month for Polkit's pkexec, Fedora developers are hoping to make pkexec optional later this year with Fedora 37.

A new change proposal was submitted this past week for splitting Pkexec from the Polkit package and also moving polkit-pkla-compat into its own sub-package too. Thus for Fedora 37 desktop users not needing Pkexec around, it can be avoided.

This move comes after the PwnKit disclosure from January for Pkexec allowing local privilege escalation. The issue can be easily exploited and allows unprivileged users to gain full root privileges.

Pkexec can be used for executing a command as another user but for programs needing root access there is ideally better ways to handle it rather than running the entire program as root.

Fedora's change proposal would make pkexec as an optional sub-package of Polkit. Pkexec isn't needed these days for the correct functionality on most servers and desktops. While there are patches since January to Pkexec, since it's less needed these days the hope is to simply avoid it where possible moving forward.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week