Escalate privileges when writing into a restricted location on Linux #19412

Merged
merged 7 commits into from May 29, 2019

@as-cii
Member

commented May 28, 2019

Fixes #4115

This pull request upgrades text-buffer to prompt the user for privilege escalation when attempting to write to an unauthorized location on Linux. It takes advantage of Polkit, which has now become a required dependency in the Debian and RPM distributions (1e87055 and 949e53e). Note that distros such as Ubuntu Desktop ship with a version of Polkit already.

The packages distributed from this version onward will also install a .policy file (50f73a5 and 3b5eb5d) that takes care of customizing the privilege escalation prompt, as well as retaining admin access to dd (the command line utility that we use for flushing in-memory text into a file) for a short period of time.

🍐'd with @rafeca

as-cii and others added some commits May 28, 2019

Require policykit in debian distribution

This is used by fs-admin to invoke `pkexec` and escalate privileges to
write into restricted locations.

Co-Authored-By: Rafael Oleza <rafeca@github.com>

Add policy to prevent asking password more than once on Debian

This is a polkit policy that is read when fs-admin invokes `dd` via
`pkexec` after trying to write into a restricted location. By specifying
`auth_admin_keep`, we are telling the polkit daemon to not prompt users
for a password again if they have already escalated privileges recently.

Co-Authored-By: Rafael Oleza <rafeca@github.com>

Require policykit in RPM distribution

Co-Authored-By: Rafael Oleza <rafeca@github.com>

Add policy to prevent asking password more than once on RPM

See 50f73a5 for more details.

Co-Authored-By: Rafael Oleza <rafeca@github.com>
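
An added example, not code from this pull request or from Atom: a Python audit that lists polkit actions which wrap a program for `pkexec` and whose defaults retain (`auth_admin_keep`, `auth_self_keep`) or skip (`yes`) authentication, the combination the commit messages above describe for `dd`. The action ids and paths in the embedded policy are constructed placeholders, and `audit_policy` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Constructed sample (XML declaration and DOCTYPE trimmed). The action ids and
# paths are placeholders, not the policy shipped by the project.
SAMPLE_POLICY = """<policyconfig>
  <action id="com.example.editor.pkexec.dd">
    <message>Authentication is required to save this file</message>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/bin/dd</annotate>
  </action>
  <action id="com.example.editor.pkexec.helper">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/example-helper</annotate>
  </action>
</policyconfig>
"""

EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"  # marks a pkexec-wrapped program
KEPT_OR_SKIPPED = {"auth_admin_keep", "auth_self_keep", "yes"}

def audit_policy(xml_text):
    """Return (action id, exec path, scope, value) for each pkexec action
    whose implicit authorization is retained or granted without a prompt."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        exec_path = next(
            (a.text.strip() for a in action.findall("annotate")
             if a.get("key") == EXEC_PATH_KEY and a.text), None)
        if exec_path is None:
            continue  # action is not tied to a program run through pkexec
        for scope in ("allow_any", "allow_inactive", "allow_active"):
            value = (action.findtext(f"defaults/{scope}") or "").strip()
            if value in KEPT_OR_SKIPPED:
                findings.append((action.get("id"), exec_path, scope, value))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

On an installed system the same function can be fed the contents of each `.policy` file under `/usr/share/polkit-1/actions/`.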

@as-cii as-cii marked this pull request as ready for review May 29, 2019

@as-cii

Member Author

commented May 29, 2019

I tested this on Ubuntu and Fedora, and Atom now correctly prompts me to escalate privileges when attempting to write to a restricted file. I plan to merge this as soon as we have a green build.

@as-cii as-cii merged commit 88019da into master May 29, 2019

2 checks passed

Atom Pull Requests #20190529.2 succeeded
continuous-integration/appveyor/pr AppVeyor build succeeded

@as-cii as-cii deleted the as-ro/save-restricted-files-on-linux branch May 29, 2019

@rafeca rafeca referenced this pull request Jun 12, 2019

Merged

⬆️ fs-admin@0.5.0 #19506
