Your repository contains a polkit policy file that defines a polkit annotation for org.freedesktop.policykit.exec.argv2. This annotation is found here.
In the course of doing a security review of polkit policies in SUSE Linux distributions, I came across this usage in a couple of packages. It turns out that while specifying argv1, argv2, etc. restrictions feels natural, it isn't supported by polkit. It only supports the specification of an argv1 and that's it. It was probably implemented as a special case to support script parameters for interpreters.
The polkit documentation only explicitly mentions argv1 and also the code only explicitly checks for this annotation.
I suggest removing this annotation to avoid a false sense of security to developers or users/integrators of your project.
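A reviewer can look for the same pattern in other policy files. The following is an added example, not part of the original issue or of either project's code: it parses polkit `.policy` XML and reports every `org.freedesktop.policykit.exec.argvN` annotation where N is not 1. The action ids, paths and the `--safe-mode` argument in the sample are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Annotation keys of the form org.freedesktop.policykit.exec.argvN
ARGV_KEY = re.compile(r"^org\.freedesktop\.policykit\.exec\.argv(\d+)$")

# Constructed sample policy (hypothetical action ids, paths and arguments).
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.helper.run">
    <defaults>
      <allow_any>auth_admin</allow_any>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python3</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">/usr/lib/example/helper.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv2">--safe-mode</annotate>
  </action>
  <action id="org.example.helper.status">
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/example-status</annotate>
  </action>
</policyconfig>
"""


def find_unsupported_argv(policy_xml):
    """Return (action_id, key, value) for each exec.argvN annotation with N != 1."""
    findings = []
    root = ET.fromstring(policy_xml)
    for action in root.iter("action"):
        for ann in action.iter("annotate"):
            match = ARGV_KEY.match(ann.get("key", ""))
            # Per the issue above, only argv1 is supported; any other index
            # expresses a restriction that is never enforced.
            if match and int(match.group(1)) != 1:
                value = (ann.text or "").strip()
                findings.append((action.get("id"), ann.get("key"), value))
    return findings


if __name__ == "__main__":
    # No arguments: scan the constructed sample. Otherwise scan the given files.
    sources = [(p, open(p, "rb").read()) for p in sys.argv[1:]]
    for name, xml_data in sources or [("<sample>", SAMPLE_POLICY)]:
        for action_id, key, value in find_unsupported_argv(xml_data):
            print(f"{name}: action {action_id}: {key}={value!r} "
                  "is not supported by polkit (only argv1 is)")
```

Policy files are normally installed under `/usr/share/polkit-1/actions/`, so passing `/usr/share/polkit-1/actions/*.policy` as arguments audits an installed system.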