Polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit. As a member of GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities.

History of CVE-2021-3560 and vulnerable distributions

It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently.

The bug has a slightly different history on Debian and its derivatives (such as Ubuntu), because Debian uses a fork of polkit with a different version numbering scheme. In the Debian fork, the bug was introduced in commit f81d021 and first shipped with version 0.105-26. The most recent stable release of Debian, Debian 10 (“buster”), uses version 0.105-25, which means that it isn’t vulnerable. However, some Debian derivatives, such as Ubuntu, are based on Debian unstable, which is vulnerable.

Here’s a table with a selection of popular distributions and whether they’re vulnerable (note that this isn’t a comprehensive list):

Polkit is the system service that’s running under the hood when you see a dialog box like the one below:

It essentially plays the role of a judge. If you want to do something that requires higher privileges (for example, creating a new user account), then it’s polkit’s job to decide whether or not you’re allowed to do it. For some requests, polkit will make an instant decision to allow or deny, and for others it will pop up a dialog box so that an administrator can grant authorization by entering their password. The dialog box might give the impression that polkit is a graphical system, but it’s actually a background process. The dialog box is known as an authentication agent and it’s really just a mechanism for sending your password to polkit.

To illustrate that polkit isn’t just for graphical sessions, try running this command in a terminal:

    pkexec reboot

pkexec is a similar command to sudo, which enables you to run a command as root.
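
The version history above has two numbering schemes (upstream 0.113, Debian fork 0.105-26), which makes it easy to misjudge a package version by eye. The following is an added example, not code from the original article or from the polkit project; the function name polkit_bug_status and its status strings are hypothetical, and it only tells you whether a version is at or after the release where the bug first shipped, because the article does not list fixed versions.

```sh
#!/bin/sh
# Added example (not from the article): classify a polkit package version
# against the versions where the article says the CVE-2021-3560 bug first
# shipped: upstream polkit 0.113, Debian fork 0.105-26.
# The article gives no fixed versions, so "at-or-after-introduction" means
# "confirm a patched build with your distribution's advisory".

polkit_bug_status() {
    ver=${1#*:}                      # drop a package epoch such as "1:"
    upstream=${ver%%-*}              # part before the packaging revision
    case $ver in
        *-*) revision=${ver#*-} ;;
        *)   revision= ;;
    esac
    rev_num=${revision%%[!0-9]*}     # leading digits: "26ubuntu1" -> "26"

    case $upstream in
        *.*) major=${upstream%%.*}
             rest=${upstream#*.}
             minor=${rest%%[!0-9]*} ;;
        *)   major=$upstream; minor=0 ;;
    esac
    # Refuse to guess on anything that is not numeric.
    case $major in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $minor in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    if [ "$major" -gt 0 ] || [ "$minor" -ge 113 ]; then
        echo at-or-after-introduction      # upstream numbering
    elif [ "$minor" -eq 105 ] && [ -n "$rev_num" ] && [ "$rev_num" -ge 26 ]; then
        # Assumption: a 0.105 package with a revision is the Debian fork.
        echo at-or-after-introduction
    else
        echo predates-bug
    fi
}

# Usage: pass the version string your package manager reports.
if [ "$#" -gt 0 ]; then
    polkit_bug_status "$1"
fi
```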