ConsoleKit (0.2.10) / PolicyKit / Security hole

Michael Biebl biebl at
Sat Jul 19 16:23:32 UTC 2008

Martin Pitt wrote:
> Michael Biebl [2008-07-19  6:47 +0200]:

>> Problem now is, if you disable the PolicyKit support, the restart/stop  
>> functions are unprotected, and everyone (even through ssh logins) can  
>> shutdown/reboot the system. For fun try [3] from an unpriviledged user  
>> account. See src/ck-manager.c and grep for HAVE_POLKIT
> Ugh, many thanks for bringing this up, and yay for upstreams putting
> sane defaults into their software...
>> Imo this is a major security hole in intrepid.
> Full ack.
>> Now there are different options how to address this:
>> 1. in /etc/dbus-1/system.d/ConsoleKit.conf
>> open
>>     <allow send_interface="org.freedesktop.ConsoleKit.Manager"
>>            send_member="Restart"/>
>>     <allow send_interface="org.freedesktop.ConsoleKit.Manager"
>>            send_member="Stop"/>
>> only for
>> a) root
>> b) at_console
> Would work for me. However, I think we should rather fix the upstream
> code to deny access to those functions altogether if policykit support
> is disabled. That would be the safe and sane fallback IMNSHO. We
> should also urge upstream to adopt that patch.

Well, it's basically the same as with hal's powermanagement interface 
(org.freedesktop.Hal.Device.SystemPowerManagement: Shutdown()/Reboot()/..)

If PK support is not enabled in hal, it's only safeguarded by the dbus 
policy rules. It's just that hal upstream used to ship a more 
restrictive dbus conf file (the current upstream git has the 
same security problem, at least it has some comments within the conf file).

I guess I'll go with 1.a) then for the Debian package.


Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Ubuntu-devel-discuss mailing list